Configuring Apache to use SSL: Difference between revisions

Having a certificate signed by a [https://en.wikipedia.org/wiki/Certificate_authority Certificate Authority] (CA) allows visitors of the site to verify by a third party (the CA) that the website is the expected website, avoiding [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle-attacks]. Many CAs require a yearly fee; one CA which does not is the [https://letsencrypt.org/ let's encrypt] CA. [https://certbot.eff.org/ Certbot] is a tool for automatically creating and renewing an SSL certificate signed by the let's encrypt CA and automatically configures your web server to use the SSL certificate. See the [https://certbot.eff.org/docs/ certbot docs] website for instructions on using certbot.

This section describes the procedure for creating a self-signed SSL certificate as apposed to one signed by a [https://en.wikipedia.org/wiki/Certificate_authority CA] and configuring Apache to use it to encrypt communications. Self-signed certificates should not be used for production sites, though they may be useful for small locally used sites and for testing.

The following steps assume you are using the Ubuntu operating system. If using another Linux operating system the steps will be similar but the details will likely be different such as slightly different commands or different locations and names of configuration files.