Self-Signed SSL Certs on Ubuntu and Apache2

Simple step-by-step on how to create a self-signed SSL cert in Ubuntu and then some notes on how to use it (some specific mentions of Perforce Swarm, so just update things to reflect your own site name:

1. Enable SSL for Apache2
sudo a2enmod ssl
2. Create directory to save certificates
sudo mkdir /etc/apache2/ssl

3. Create the required certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Note: Ensure the ‘Common Name’ you provide matches your Swarm servers FQDN exactly.

4. Follow the on screen prompts adding organization information as required.

5. Backup the current HTTP virtual host configuration:
cp /etc/apache2/sites-available/perforce-swarm-site.conf /etc/apache2/sites-available/perforce-swarm-site.conf.BAK

6. Edit the Apache site config file for the Swarm virtual host:
sudo nano /etc/apache2/sites-available/perforce-swarm-site.conf
We’ll continue to listing on port 80 for plain HTTP requests and on port 443 for HTTPS. See below, replacing SWARM-SERVER_HOSTNAME with the FQDN of your Swarm server.


ServerName SWARM-SERVER_HOSTNAME
ErrorLog “/var/log/apache2/swarm.error_log”
CustomLog “/var/log/apache2/swarm.access_log” common
DocumentRoot “/opt/perforce/swarm/public”

AllowOverride All
Require all granted


SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

ServerName SWARM-SERVER_HOSTNAME
ErrorLog “/var/log/apache2/swarmssl.error_log”
CustomLog “/var/log/apache2/swarmssl.access_log” common
DocumentRoot “/opt/perforce/swarm/public”

AllowOverride All
Require all granted


Note: Please check with your security team to ensure the permissions provided in this setup are suitably restrictive for your environment.

5. Restart Apache to pickup the changes
sudo service apache2 restart
6. Now try your new HTTPS URL from a web browser.

Now, in Ubuntu, here’s how to add that client-side certificate file you created above when you made the self-signed SSL cert (run alls steps as the root user):

Given a CA certificate file foo.crt, follow these steps to install it on Ubuntu:

Create a directory for extra CA certificates in /usr/share/ca-certificates:
sudo mkdir /usr/share/ca-certificates/extra

Copy the CA .crt file to this directory:
sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt
– I’d suggest renaming that .crt file to include the full domain name

Let Ubuntu add the .crt file’s path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf:
sudo dpkg-reconfigure ca-certificates

In case of a .pem file on Ubuntu, it must first be converted to a .crt file:
openssl x509 -in foo.pem -inform PEM -out foo.crt

You can redirect http traffic to https by adding the below to the end of the section on your server:
– Redirect / https://

From 2 great finds:
http://answers.perforce.com/articles/KB/3977
https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate