Updating a self-signed SSL certificate for Apache on Ubuntu 12.04


I had to update a self-signed SSL certificate for Apache today on an Ubuntu 12.04 server, as the old certificate had expired. I found a recipe for Debian which explained the process in a way that I was able to adapt to Ubuntu. Here is the complete process to renew your cert for another 365 days:


Change directories to the certificate location:

cd /etc/apache2/ssl

Generate a new 2048-bit RSA key (1024-bit RSA keys are no longer considered secure):

sudo openssl genrsa -out example.com.key 2048

Generate a certificate signing request:

sudo openssl req -new -key example.com.key -out example.com.csr 
 
Generate a new certificate, by signing the CSR with the key:

sudo openssl x509 -req -days 365 -in example.com.csr \
  -signkey example.com.key -out example.com.crt 

 
Move the old key and certificate away, and copy the new key and certificate in: 

sudo mv apache.key apache.key.old
sudo cp example.com.key apache.key
sudo mv apache.crt apache.crt.old
sudo cp example.com.crt apache.crt 
 

Restart the webserver:

sudo service apache2 restart

Now load your website over HTTPS. The browser should warn that the certificate is untrusted (because it is self-signed), not that it has expired. Add the permanent exception, and you're good to go for another 365 days.
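
If the new key and certificate do not belong together, Apache will refuse to start after the swap. The following is an added example, not part of the original recipe: two shell functions that verify the pair before replacing apache.key and apache.crt. The function names, return codes and the 30-day default are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: verify a renewed key/certificate pair, then install it.

# check_pair KEY CRT [MIN_DAYS]
#   0 = pair matches and the cert is valid for at least MIN_DAYS more days
#   1 = certificate was not issued for this private key
#   2 = a file could not be parsed
#   3 = certificate expires within MIN_DAYS
check_pair() {
    cp_key=$1; cp_crt=$2; cp_days=${3:-30}

    # The public key derived from the private key...
    cp_kpub=$(openssl pkey -in "$cp_key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $cp_key" >&2; return 2; }
    # ...must be identical to the public key embedded in the certificate.
    cp_cpub=$(openssl x509 -in "$cp_crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cp_crt" >&2; return 2; }
    if [ "$cp_kpub" != "$cp_cpub" ]; then
        echo "key and certificate do not belong together" >&2; return 1
    fi

    # -checkend N exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cp_crt" -noout \
            -checkend $((cp_days * 86400)) >/dev/null; then
        echo "certificate expires within $cp_days days" >&2; return 3
    fi
    return 0
}

# install_pair KEY CRT DIR
#   Runs check_pair first; only if it passes, backs up DIR/apache.key and
#   DIR/apache.crt to *.old and installs the new pair. The private key is
#   written with mode 600 so only its owner can read it.
install_pair() {
    check_pair "$1" "$2" || return $?
    ip_dir=$3
    for ip_f in apache.key apache.crt; do
        if [ -f "$ip_dir/$ip_f" ]; then
            mv "$ip_dir/$ip_f" "$ip_dir/$ip_f.old"
        fi
    done
    install -m 600 "$1" "$ip_dir/apache.key" &&
    install -m 644 "$2" "$ip_dir/apache.crt"
}
```

Run as root, `install_pair example.com.key example.com.crt /etc/apache2/ssl` takes the place of the mv/cp step; a non-zero return means the existing files were left untouched.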
