Zero logo

Apache - Self-Signed Server Certificate

This covers how to enable SSL on The Uniform Server Zero XV.

The Uniform Server Zero does not include a test server certificate/key pair, so a default installation has SSL disabled for security reason. A certificate/key pair must be unique to each server. After creating a new server certificate/key pair, SSL is automatically enabled in Apache's configuration file.

Creating a self-signed certificate

Generating a self-signed certificate requires only a few mouse clicks. The Server Certificate and Key generator form has been pre-configured for a self-signed certificate. There is no need to change these values; just click Generate. However, if you wish, you can change any of the defaults.

Apache > Apache SSL > Server Certificate and Key generator

  • This opens the Server Certificate and Key generator menu shown at right.
  • Click Generate (D). After a short time, a confirmation pop-up is displayed.
  • For the new configuration to become effective, you must restart Apache server.

The above generates a self-signed certificate.

Note 1: If you have changed the server name using Apache basic configuration menu, that name will be displayed instead of localhost (A).

Note 2: Country and RSA bits (B-C) are dropdown menus.

Note 3: 2048 Bits (C) provide high-grade encryption; no need to change this.

  Start as program

Alternative Script

The Uniform Server Zero provides an alternative for generating a server certificate and key pair.

Run the batch file UniServerZ\core\openssl\Generate_server_cert_and_key.bat

This script generates a self-signed server certificate and key pair. It assumes you have not changed the server name from its default of localhost. This allows the certificate and key to be automatically generated and installed without any user input.

Note: The certificate signing request (server.csr) is not required and is deleted.

Signed certificate

If you are intending to purchase a signed certificate, a certificate-signing request (server.csr) is required. Run Server Certificate and Key generator, which does not delete the server.csr file.

Apache > Apache SSL > Server Certificate and Key generator

  • Fill in all appropriate form fields.
  • Click Generate.
  • The certificate-signing request server.csr is generated and saved in folder UniServerZ\core\openssl.
  • Open this file and post the contents for signing by the certificate authority.
  • When you receive the signed certificate, replace the self-signed certificate with it.

Note 1: Copy both the server key (UniServerZ\core\apache2\server_certs\server.key) and the returned signed certificate to another device for safekeeping.

Note 2: For a free signed certificate, check out the following page: Free server certificate

Where to next

Apache SSL - Introduction and overview.
Free server certificate - How to obtain and install a free server certificate.


--oOo--