Create self-signed SSL certificate for Virtual Host

By | 2011/09/24

In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works!

1. First, install the package ssl-cert:

$ sudo apt-get install ssl-cert

Since GoDaddy and the like are making 2048-bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 to 2048 for a 2048-bit cert.

$ sudo nano /usr/share/ssl-cert/ssleay.cnf

default_bits            = 2048

2. Next, this command will generate your private key and self-signed cert in one text file:

$ sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/

When prompted, input the host name of your virtual host which will be the commonName of your certificate.

3. Split the generated .crt file into two files. The first half of the file is the private key; the second half is your self-signed certificate.

– Save the private key as /etc/ssl/private/

The entire .key file should include the BEGIN and END lines:


– Save the self-signed certificate as /etc/ssl/certs/

The entire .pem file should include the BEGIN and END certificate lines:


4. Fix some permissions:

$ sudo chmod 600 /etc/ssl/private/

5. Finally, add your certificate and key files to your virtual host's SSL configuration:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile    /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/private/
</VirtualHost>

6. Restart Apache:

$ sudo /etc/init.d/apache2 restart
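
The manual split in step 3 and the permission fix in step 4 can be scripted. The following is an added example, not part of the original post: it separates the key and certificate by their BEGIN/END markers and creates the key file with mode 600 from the start. The function names and temporary paths are assumptions, and the sample input is constructed with placeholder bodies rather than real key material.

```shell
#!/bin/sh
# Added example: split a combined PEM file (key + certificate) by its
# BEGIN/END markers instead of by hand. Paths are supplied by the caller.

# split_pem COMBINED KEY_OUT CERT_OUT
split_pem() {
    sp_in=$1 sp_key=$2 sp_cert=$3

    # umask 077 so the key is never group/world readable, even briefly.
    ( umask 077
      awk '/-----BEGIN [A-Z ]*PRIVATE KEY-----/ { on = 1 }
           on { print }
           /-----END [A-Z ]*PRIVATE KEY-----/ { on = 0 }' "$sp_in" > "$sp_key"
    ) || return 1
    chmod 600 "$sp_key" || return 1   # also covers a pre-existing file

    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { on = 0 }' "$sp_in" > "$sp_cert" || return 1

    # Succeed only if both blocks were found and are complete.
    grep -q -- '-----END [A-Z ]*PRIVATE KEY-----' "$sp_key" &&
        grep -q -- '-----END CERTIFICATE-----' "$sp_cert"
}

# key_matches_cert KEY CERT: true when both hold the same public key.
# Needs the openssl CLI and an unencrypted key; not run by the demo below.
key_matches_cert() {
    kc_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$kc_pub" ] &&
        [ "$kc_pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Demo on constructed input (placeholder bodies, hypothetical file names).
demo_dir=$(mktemp -d)
printf '%s\n' \
    '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTEDKEYBODY' '-----END PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDCERTBODY' '-----END CERTIFICATE-----' \
    > "$demo_dir/combined.pem"
split_pem "$demo_dir/combined.pem" "$demo_dir/host.key" "$demo_dir/host.pem" &&
    echo "split ok: $demo_dir"
```

On a real key and certificate, running key_matches_cert on the two output files before restarting Apache confirms that the pair belongs together.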

