Sometimes admins need to be able to test a web-based solution before deciding it’s worth using. When that software requires SSL, you can enable a snake oil SSL key for testing purposes.
I cannot tell you how many times I’ve installed a web-based application for testing purposes, only to find that application requires SSL to function. Because of the nature of what I’m doing, I don’t need to get a full-blown, domain-ready SSL certificate from a CA. I just need basic SSL support, so I can install the app and make sure it works, see if it’s something I want to use, or write a tutorial on how to install it.
Considering how many tutorials I write, getting that many domains or CAs would be a real hassle. To that end, a lot of the time I cheat a bit and enable SSL on Ubuntu server in such a way those web-based apps will work, even though the security offered by this route doesn’t add much to the equation.
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
So how do you do this? It’s actually quite easy and can be done with three quick commands.
Log in to your Ubuntu server and gain access to the bash prompt. The first thing to do is load the SSL module with the command:
sudo a2enmod ssl
Once the module is loaded, you then need to enable the default SSL configuration with the command:
sudo a2ensite default-ssl.conf
This configuration will set the SELengine to On and make use of a self-signed (snake oil) certificate and key. If you’re using an actual SSL certificate from a trusted CA, you’d configure it with the lines SSLCertificateFIle and SSLCertificateKeyFile.
Finally, restart Apache with the command:
sudo systemctl restart apache2
If you view the information for the site, you’ll see the certificate is verified by localhost.localdomain, so it’s not truly secure. However, this method will allow you to get that web-based service installed and running.
If that software winds up being something you’ll use in a production environment, make sure to install and configure a certificate from a trusted certificate authority like LetsEncrypt. Otherwise, you’re good to go for testing.