nativeInstalleropencart

Create an SSL certificate for Apache

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and Mac OS X) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). Learn more.

TIP: To quickly get started with HTTPS and SSL, follow these instructions to auto-configure a Let’s Encrypt SSL certificate. You can also use our interactive training scenario to learn how to enable HTTPS support in Apache with Let’s Encrypt or a custom SSL certificate.

OpenSSL is required to create an SSL certificate. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below for your platform.

Linux and Mac OS X

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system’s package manager.

Follow the steps below:

  • Generate a new private key:

    $ sudo openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate:

    $ sudo openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    

    IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”.

  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

    $ sudo openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

    $ sudo openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

    $ sudo openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Windows

NOTE: OpenSSL is not typically installed on Windows. Before following the steps below, download and install a binary distribution of OpenSSL.

Follow the steps below once OpenSSL is installed:

  • Set the OPENSSL_CONF environment variable to the location of your OpenSSL configuration file. Typically, this file is located in the bin/ subdirectory of your OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

    $ set OPENSSL_CONF=C:\OPENSSL-DIRECTORY\bin\openssl.cfg
    
  • Change to the bin/ sub-directory of the OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

    $ cd C:\OPENSSL-DIRECTORY\bin
    
  • Generate a new private key:

    $ openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate:

    $ openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    

    IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”.

  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

    $ openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

    $ openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

    $ openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Find more information about certificates at http://www.openssl.org.