Creating Certificate and activating apache’s mod-ssl (https) for Ubuntu and Slackware

Posted: September 20, 2011 in Linux, Slackware, Ubuntu

It’s quite an easy and painless process actually but I always forget the step, so I write it here for my own reminder, hope this can help others too ;)

First for apache’s mod-ssl (https) to work, we have to create a certificate.

Creating a certificate

Generate the keys for the Certificate Signing Request (CSR):

openssl genrsa -des3 -out server.key 1024

Create the insecure key, the one without a passphrase:

openssl rsa -in server.key -out server.key.insecure

Shuffle the key names:

mv server.key

mv server.key.insecure server.key

Create the CSR:

openssl req -new -key server.key -out server.csr

Create the self-signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Install the key file server.key and certificate file server.crt:

sudo cp server.crt /etc/ssl/certs

sudo cp server.key /etc/ssl/private


Enable the mod_ssl module:

sudo a2enmod ssl

Restart the service to enable the new settings:

sudo /etc/init.d/apache2 restart


Edit httpd.conf

pico /etc/httpd/httpd.conf

Enable the mod_ssl module, remove the comment in front of this line:

LoadModule ssl_module lib/httpd/modules/
and this:
Include /etc/httpd/extra/httpd-ssl.conf

Change the location of certificate:

SSLCertificateFile “/etc/httpd/server.crt”
SSLCertificateFile “/etc/ssl/certs/server.crt”

SSLCertificateKeyFile “/etc/httpd/server.key”
SSLCertificateKeyFile “/etc/ssl/private/server.key”

Restart apache:

/etc/rc.d/rc.httpd restart

Last but not least, don’t forget to check the webserver directory on apache’s mod-ssl config:


pico /etc/apache2/sites-enabled/default-ssl


pico /etc/httpd/extra/httpd-ssl.conf

  1. adimutu06 says:

    it’s not working allthought 443 is open: this is what i get in FF:

    Secure Connection Failed

    An error occurred during a connection to localhost.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

  2. Michael says:

    “Last but not least, don’t forget to check the webserver directory on apache’s mod-ssl config:”
    check it for…..?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s