Create an SSL certificate for Apache

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to the Application Gateway of the deployment.

This section will guide you through the process to create the SSL certificate and encode it in the correct format to use the Azure’s Application Gateway. To do so, follow the instructions below:

  • Generate your private key:

    NOTE: Make sure you keep your private key in a safe place, as it will be used to generate the certificates to provite HTTPS support for your application.

    $ openssl genrsa -out private-key.key 4096
  • Generate the certificate request:

    $ openssl req -new -key private-key.key -out certificate-request.csr

    Once you have executed the command above, you will be prompted to enter some information related to the certificate. Make sure that your custom domain URL is specified in the Common Name step.

    IMPORTANT: This guide shows you the process of self-signing the certificate and uploading it to the Azure’s Application Gateway. You can also request a Certification Authority to sign your certificate sending the server.csr file you have just generated.

  • Self-sign the certificate request:

    $ openssl x509 -req -days 365 -in certificate-request.csr -signkey private-key.key -out signed-certificate.crt
  • Encode the certificate in PKCS #12 format:

    The Application Gateway requires a certificate encoded in PKCS #12 format with the pfx extension. To convert your certificate to this format, execute the following:

    $ openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in signed-certificate.crt

    IMPORTANT: Create a strong password for the exported certificate. You will use it later during the import process in the Azure Portal.

Now, you can use the certificate.pfx file in the Application Gateway to configure HTTPS for your application.

Last modification September 10, 2018