How to Install a Self-Signed SSL Certificate on Your Ubuntu 18.04 VPS or Dedicated Server

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) play a major role when it comes to securing your Apache web server running on Ubuntu 18.04 machine.

The technology is very useful in all websites and online applications where sensitive information is exchanged. For instance, any online shop that requires users to submit credit card information should have an SSL certificate installed.

You can purchase an SSL certificate from verified certifying authorities like Comodo or Namecheap. However, you can still use a self-signed certificate on your Ubuntu 18.04 server particularly if you access your server using an IP address only.

This forms the basis of this guide and we are going to show you how to install a self-signed SSL on your Ubuntu 18.04 VPS.

Prerequisites

    • An Ubuntu server running version 18.04
    • Apache web server
    • A non-root user that can perform sudo tasks

Step 1: Make sure your Apache web server is up and running

The first step is to make sure that Apache is installed and your website is running. To do this, type the public IP address of your Ubuntu 18.04 server on a web browser. You should see the below default Apache web page.

However, this might be different if you have already uploaded your website’s file.

Step 2: Create the SSL Certificate

SSL/TLS rely on a combination of public and private keys. While the private key portion of the SSL/TLS certificate is kept on the server, the public key is shared with all clients requesting information from your Ubuntu 18.04 server.

The private key encrypts data before it is sent to the client hence ensuring the security while the public key decrypts information from the server

So we need to create a self-signed private key and a certificate key pair. By default, Ubuntu 18.04 comes with OpenSSL – an open source implementation of the SSL and TLS protocol.

You can check the OpenSSL version number by typing the command below:

openssl version

Output

Creating the certificate and private key pair

We can create the certificate and private key pair using OpenSSL with just a single command listed below:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/my.key -out /etc/ssl/certs/my.crt

You will be prompted to enter information that will be incorporated on your certificate request as show below:

  • State or Province: e.g. CENTRAL
  • Locality Name:  Name of City e.g. NAIROBI
  • Organisation Name: e.g. MY SAMPLE COMPANY
  • Organizational Unit Name (eg, section) []: e.g. IT DEPARTMENT
  • Common Name (e.g. server FQDN or YOUR name) []: The exact domain name or public IP address e.g. www.example.com
  • Email Address: e.g. info@example.com

After answering the questions above, the private and crt files will be placed on the path that you specified on the OpenSSL command. For instance, in our case, the private key will be placed in /etc/ssl/private/my.key while the CRT will be placed in /etc/ssl/certs/my.crt

Step 3: Enable port 443

You should enable apache to run on port 443 if you have installed any firewall e.g. on UFW run the command below:

sudo ufw allow 443

OR

sudo ufw allow https

Step 4: Enable the default configuration file for SSL

By default, the default SSL virtual host that ships with Apache is disabled by default. You need to enable it by using the command below:

sudo a2ensite default-ssl.conf

Step 5: Restart Apache

We can now restart apache for the changes to take effect by typing the command below on a terminal window:

sudo systemctl restart apache2

Step 6: Testing encryption

Enter your server’s public IP address or domain name on a browser preceded with https to test if encryption is working. Don’t worry if you see a certificate warning, this is because we are using a self-signed certificate that is not on the list of your browser’s trusted authorities.

Conclusion

That’s the basic procedure of installing a self-signed certificate on your Ubuntu 18.04 server. Any communication on your server will now be encrypted. Remember it is more appropriate to use self-signed certificates if clients reach your web application using an IP address.

For instance, use the certificate when implementing a non-user facing application. If you have a domain name, you might find more useful to use a trusted certificate from the Let’s Encrypt open source foundation.

Check out the top 3 Dedicated server hosting services:

HostArmada
£1.98 /mo
Starting price
Visit HostArmada
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.0
IONOS
£0.79 /mo
Starting price
Visit IONOS
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.3
Ultahost
£2.30 /mo
Starting price
Visit Ultahost
Rating based on expert review
  • User Friendly
    4.3
  • Support
    4.8
  • Features
    4.5
  • Reliability
    4.0
  • Pricing
    4.8

How to Install & Configure the Caddy web server on an Ubuntu 18.04 VPS

Caddy is the only new server's that secure by default. It's growing in popularit
3 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Install a Let’s Encrypt Certificate on your Ubuntu 18.04 Dedicated Server or VPS

If you are hosting your website on a VPS server running Ubuntu 18.04, we will sh
3 min read
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester

How to Set Up SSH for your Ubuntu 18.04 VPS or Dedicated Server

This how-to article shows you how to create a public and a private key for acces
4 min read
Arvind Singh
Arvind Singh
Hosting Expert

How to Set Up SSH for your Ubuntu 18.04 VPS or Dedicated Server

This how-to article shows you how to create a public and a private key for acces
3 min read
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top