Page 1 of 1

Linux: Create SSL certificate (self-signed)

Posted: Fri Feb 05, 2016 12:32 am
by ^rooker
Here's a short BASH script that creates SSL certificates and puts them in apache's folders - ready for use:

Code: Select all

#!/bin/bash
# @author: ^Rooker
# @date: 08.DEC.2013
# @description:
#   This script is just to help my (forgettable) memory when (re-)creating 
#   an SSL certificate and key for use with Apache webserver for secure (https) connections.
#   
#   Most information where taken from the following HowTo article:
#   https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
#
#   IMPORTANT:
#       This script must be run with root-priviledges. What a surprise! ;)

DAYS_VALID=666              # How many days until the generated certificate expires.
NAME="$1"

SSL_DIR="/etc/apache2/ssl"
SSL_CRT_FILE="$SSL_DIR/ssl-cert-$NAME.crt"
SSL_KEY_FILE="$SSL_DIR/ssl-cert-$NAME.key"

if [ -z "$NAME" ]; then
    echo "ERROR: Please provide a name for the certificate. e.g. 'the_shadow'"
    exit 1
fi

# These things only have to be done once, to enable SSL support on Apache:
# - Enable Apache's SSL module:
a2enmod ssl
# - Enable Apache's SSL vhost site:
# NOTE Enable sites manually. "default-ssl" is just the regular off-the-shelf example.
#a2ensite default-ssl

# Create folder for Apache SSL certificates:
mkdir -p "$CERT_DIR"

# Generate a self-signed certificate:
sudo openssl req -x509 -nodes -days $DAYS_VALID -newkey rsa:2048 -keyout $SSL_KEY_FILE -out $SSL_CRT_FILE
Then call it, giving the certificate a useful name. "the_shadow" for example. That's the name of the webserver:

Code: Select all

$ ./create_ssl.sh "the_shadow"
Then reload Apache:
(This example is for Debian/Ubuntu based distros)
$ sudo service apache2 reload
Done! :D