Simple step-by-step on how to create a self-signed SSL cert in Ubuntu, and then some notes on how to use it (there are some specific mentions of Perforce Swarm, so just update things to reflect your own site name):
1. Enable SSL for Apache2
sudo a2enmod ssl
2. Create directory to save certificates
sudo mkdir /etc/apache2/ssl
3. Create the required certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Note: Ensure the ‘Common Name’ you provide matches your Swarm server’s FQDN exactly.
4. Follow the on screen prompts adding organization information as required.
5. Backup the current HTTP virtual host configuration:
sudo cp /etc/apache2/sites-available/perforce-swarm-site.conf /etc/apache2/sites-available/perforce-swarm-site.conf.BAK
6. Edit the Apache site config file for the Swarm virtual host:
sudo nano /etc/apache2/sites-available/perforce-swarm-site.conf
We’ll continue to listen on port 80 for plain HTTP requests and on port 443 for HTTPS. See below, replacing SWARM-SERVER_HOSTNAME with the FQDN of your Swarm server.
CustomLog "/var/log/apache2/swarm.access_log" common
Require all granted
CustomLog "/var/log/apache2/swarmssl.access_log" common
Require all granted
Note: Please check with your security team to ensure the permissions provided in this setup are suitably restrictive for your environment.
7. Restart Apache to pick up the changes
sudo service apache2 restart
8. Now try your new HTTPS URL from a web browser.
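A sanity check for the key and certificate from step 3, worth running before you test in a browser (an added example, not part of the original steps). It builds a throwaway pair in a temporary directory with the same openssl parameters plus a subjectAltName, which goes beyond the Common Name note above because current browsers match the hostname against subjectAltName; the function names and swarm.example.test are hypothetical, and -addext assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example: function names and swarm.example.test are hypothetical.

# Create a key and self-signed cert for FQDN in DIR with the step 3 parameters,
# plus a subjectAltName entry (assumes OpenSSL 1.1.1+ for -addext).
make_selfsigned() {
  local fqdn=$1 dir=$2
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
    -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null || return 1
  chmod 600 "$dir/apache.key"   # -nodes leaves the key unencrypted: owner-only access
}

# Return 0 only if CRT and KEY belong together, CRT covers FQDN,
# CRT has not expired and KEY is not accessible to group or other.
check_cert_pair() {
  local crt=$1 key=$2 fqdn=$3 crt_pub key_pub
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ "$crt_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
  openssl x509 -in "$crt" -noout -checkhost "$fqdn" | grep -q "does match" \
    || { echo "certificate does not cover $fqdn"; return 1; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired"; return 1; }
  [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
    || { echo "private key is accessible to group or other"; return 1; }
}

# Demo in a throwaway directory, so nothing under /etc/apache2 is touched.
demo_dir=$(mktemp -d)
make_selfsigned swarm.example.test "$demo_dir"
check_cert_pair "$demo_dir/apache.crt" "$demo_dir/apache.key" swarm.example.test \
  && echo "certificate and key are consistent"
rm -rf "$demo_dir"
```

To check the real files, call check_cert_pair as root with /etc/apache2/ssl/apache.crt, /etc/apache2/ssl/apache.key and your server's FQDN.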
Now, in Ubuntu, here’s how to add that client-side certificate file you created above when you made the self-signed SSL cert (run all steps as the root user):
Given a CA certificate file foo.crt, follow these steps to install it on Ubuntu:
Create a directory for extra CA certificates in /usr/share/ca-certificates:
sudo mkdir /usr/share/ca-certificates/extra
Copy the CA .crt file to this directory:
sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt
– I’d suggest renaming that .crt file to include the full domain name
Let Ubuntu add the .crt file’s path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf:
sudo dpkg-reconfigure ca-certificates
In case of a .pem file on Ubuntu, it must first be converted to a .crt file:
openssl x509 -in foo.pem -inform PEM -out foo.crt
You can redirect http traffic to https by adding the below to the end of the
– Redirect / https://