Ubuntu: How to Renew Apache’s default SSL Certificate

CodeUnit, 16 DEC 2010

A lot of the time, in order to quickly enable SSL for Apache in Ubuntu, servers make use of self-signed certificates. These are pretty useful, though they do have a tendency to expire on you when you least expect it.

Renewing this ‘snake oil’ certificate, as Apache dubs it, is actually quite simple.

First, make some backups of the existing certificate and key just in case something goes wrong:

sudo cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key-backup

sudo cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem-backup

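Next, generate the new key and certificate (I’m making it valid for 5 years here – a bit excessive, I know). The key is 2048-bit RSA, since 1024-bit keys are no longer considered strong enough and recent OpenSSL builds may refuse to load them:

openssl genrsa -out server.key 2048

openssl req -new -x509 -key server.key -out server.pem -days 1826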

Answer all the questions openssl asks and, once the certificate has been generated, move both files back into their expected locations:

sudo mv server.key /etc/ssl/private/ssl-cert-snakeoil.key
sudo mv server.pem /etc/ssl/certs/ssl-cert-snakeoil.pem

At this point you might want to restart the Apache service as well, which can be done like so:

sudo /etc/init.d/apache2 restart
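
The following is an added example, not part of the original post: a shell function that checks the pair produced by the steps above, confirming that the certificate matches the key, is not about to expire, uses at least a 2048-bit key, and that the key file is not world-readable. The function name, the 30-day default and the 2048-bit floor are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a renewed cert/key pair.
# check_cert_pair, the 30-day default and the 2048-bit floor are this example's choices.
# Usage: sudo sh check.sh /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: certificate matches private key"
    else
        echo "FAIL: certificate was not issued for this key"; rc=1
    fi

    # 2. The certificate must stay valid for at least min_days more days.
    if openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "OK: valid for $min_days+ days ($(openssl x509 -in "$cert" -noout -enddate))"
    else
        echo "FAIL: expires within $min_days days ($(openssl x509 -in "$cert" -noout -enddate))"; rc=1
    fi

    # 3. The steps above generate an RSA key; below 2048 bits it is too weak.
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge 2048 ]; then
        echo "OK: $bits-bit public key"
    else
        echo "FAIL: ${bits:-unknown}-bit public key, want 2048 or more"; rc=1
    fi

    # 4. The private key must not be readable by "other".
    if [ -n "$(find "$key" -prune -perm -004)" ]; then
        echo "FAIL: $key is world-readable"; rc=1
    else
        echo "OK: $key is not world-readable"
    fi
    return $rc
}

# Run the check when the script is called with a certificate and a key path.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

A non-zero exit status means at least one check failed; the FAIL lines say which.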

And you’re done! Nifty.

About Craig Lotter

Software developer, husband and dad to two little girls. Writer behind An Exploring South African. I don't have time for myself any more.