This blog entry describes how to configure mod_ssl on Ubuntu. This is designed as a quick reference for configuration.

   sudo -i
   openssl genrsa 1024 >
   openssl req -new -key &gt;</pre>

Make sure the “Common Name” is your host name.  In this example its “”

You can then give your CSR file to rapidssl,, or other certificate provider.

To create a self-signed certificate “”a.k.a. snake oil” you can do the following:

sudo openssl x509 -req -days 365 -in -signkey -out

Instead of creating a snake oil certificate, here is where you can go buy a certificate. Replace the SSLCACertificateFile with the one you get from the certificate vendor.

In /etc/apache2/sites-available/default-ssl. Make sure to add the ServerName directive. Make sure your SSL certs point to real files that exist.  See example:

  <IfModule mod_ssl.c>;
  <VirtualHost _default_:443>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/
 SSLCertificateKeyFile /etc/apache2/ssl/
 SSLCACertificateFile /etc/apache2/ssl/

Also make sure you enable the ssl and the default-ssl site configuration!

sudo a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 reload