Configure self signed certificate on a locally hosted website

 1. create a private key

cd /etc/ssl/aureusapps

sudo openssl genrsa -des3 -out aureusapps.key 2048

2. Create a self signed certificate to use as root CA

sudo openssl req -x509 -new -key aureusapps.key -sha256 -days 1825 -out aureusapps.pem

-x509: Specifies that the certificate is to be self-signed rather than signed by a Certificate Authority (CA). This option is used for generating a root or self-signed certificate.

-new : generate new certificate request

-noenc : if a private key is created it will not be encrypted

-key : provides the private key for signing a new certificate or certificate request

-sha256 : Specifies SHA-256 as the hashing algorithm

3. Install root certificate

 sudo trust anchor aureusapps.pem

4. Creating CA-Signed Certificates for Your Dev Sites

    1. Create private key for site

        sudo openssl genrsa -out memeslab.aureusapps.dev.key 2048

    2. Create certificate signing request CSR

        sudo openssl req -new -key memeslab.aureusapps.dev.key -out memeslab.aureusapps.dev.csr

    3. create an X509 V3 certificate extension config file

authorityKeyIdentifier=keyid,issuer

basicConstraints=CA:FALSE

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

subjectAltName = @alt_names

[alt_names]

DNS.1 = memeslab.aureusapps.dev

    4. Sign certificate request using CA private key
sudo openssl x509 -req -in memeslab.aureusapps.dev.csr -CA aureusapps.pem -CAkey aureusapps.key -CAcreateserial -out memeslab.aureusapps.dev.crt -days 825 -sha256 -extfile memeslab.aureusapps.dev.ext

5. Update apache SSL config

    SSLCertificateFile /etc/ssl/aureusapps/memeslab.aureusapps.dev.crt

    SSLCertificateKeyFile /etc/ssl/aureusapps/memeslab.aureusapps.dev.key