How to deploy Apache site behind OCI Load Balancer with self-signed certificates and URL
Faris Durrani

Publish Date: Aug 7

This guide shows how to create a self-signed SSL certificate and add it to your Oracle Cloud Infrastructure (OCI) Load Balancer so you can reach your deployed Apache web site over HTTPS, and how to deploy your Apache site behind a URL.

1️⃣ Create an internet-enabled VCN

Log in to cloud.oracle.com. Go to the Virtual Cloud Networks page.

Create an internet-enabled Virtual Cloud Network using the Start VCN Wizard > Create VCN with Internet Connectivity.

Give your VCN any name. Leave all other options as default. This will create a VCN with a public and a private subnet.

2️⃣ Create a VM instance in the private subnet

Go to the Instances page and click Create instance to create a new instance in the private subnet. We'll be using Oracle Linux 9.

You may leave all other options as the default. Make sure to download the private SSH key so you can log in to the instance.

3️⃣ Set up the Apache web site

We will follow the steps in How to deploy an Apache web app using Oracle Cloud.

A simple Apache web site is easy to set up. But first, we need to log in to the VM instance over SSH.

🔹 1. Create a new Cloud Shell session and create a new private network definition of your private subnet. This is to enable us to be in the same network subnet as our VM instance.

🔹 2. Upload the private SSH .key file

Once we've connected to the new private network definition, we can upload our private SSH .key file.

🔹 3. Change permission level of SSH key

Change the permission level of the private SSH key first:

chmod 400 ssh-key-2025-08-07.key

🔹 4. Log in to the VM

Make sure to update the IP address to the private IP address of your VM instance.

ssh -i ssh-key-2025-08-07.key opc@10.0.1.87

🔹 5. Install Apache site

Run these Oracle Linux commands to install a simple Apache HTML site on your instance and to open the firewall rule for incoming port 80 HTTP requests.

sudo dnf install httpd -y
sudo apachectl start
sudo systemctl enable httpd
sudo apachectl configtest
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
sudo bash -c 'echo "This is APP server 1 running on Oracle Cloud Infrastructure | Hostname: $(hostname) | Date: $(date)" > /var/www/html/index.html'

🔹 6. Verify Apache site is up

Run the following command to verify that the Apache site is up and reachable:

curl localhost:80

Congratulations, you have set up your Apache site.

4️⃣ Create a self-signed SSL certificate

A self-signed certificate lets you connect to your deployed site over HTTPS, but browsers will not trust it because no certificate authority has vouched for it. In a production environment, you will still need a certificate issued by a trusted certificate authority such as DigiCert, Let's Encrypt, or Google Trust Services.

Run this command:

openssl req -x509 -nodes -newkey rsa:2048 -keyout private.key -out certificate.crt -days 7

You may press Enter at every prompt to accept the defaults.

This will create a temporary self-signed SSL certificate valid for 7 days in the form of two files: certificate.crt and private.key.
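
The following is an added example, not part of the original article: Bash helpers that create the same key and certificate without prompts, confirm that private.key matches certificate.crt before both are uploaded to the load balancer, and print the SHA-256 fingerprint to compare with the certificate the browser shows behind its warning. The hostname lb.example.test and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the article): create the self-signed pair
# non-interactively and sanity-check it before uploading to the load balancer.
# lb.example.test and the function names are placeholders.

# Same openssl invocation as the article, plus a subject and SAN so no prompts
# appear. -nodes leaves private.key unencrypted, so restrict its permissions.
make_selfsigned() {  # usage: make_selfsigned <dir> <hostname> <days>
  openssl req -x509 -nodes -newkey rsa:2048 \
    -keyout "$1/private.key" -out "$1/certificate.crt" -days "$3" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null &&
    chmod 600 "$1/private.key"
}

# Succeeds only if the certificate's public key matches the private key.
# Empty output (missing or unreadable file) counts as a mismatch.
cert_matches_key() {  # usage: cert_matches_key <cert> <key>
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid <seconds> from now.
cert_valid_for() {  # usage: cert_valid_for <cert> <seconds>
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint as colon-separated hex.
cert_fingerprint() {  # usage: cert_fingerprint <cert>
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Typical use: `make_selfsigned . lb.example.test 7 && cert_matches_key certificate.crt private.key && cert_fingerprint certificate.crt`.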

5️⃣ Create a Load Balancer with the SSL certificate

🔹 1. Select a public application Load Balancer

Go to the OCI Load Balancers page and create a new load balancer. Select the Public option.

🔹 2. Select the public subnet option

We'll add a network security group later.

🔹 3. Add the instance as our backend

Leave the health check as the default (HTTP port 80 with status code 200).

Turning on Use SSL for the backend set is optional. We will keep it turned off, so traffic between the load balancer and the instance stays plain HTTP inside the VCN.

🔹 4. Leave automatic security rule changes as the default

No changes needed here.

🔹 5. Add SSL certificate

As we're moving into the listener creation step, we'll choose the Load balancer managed certificate option for Certificate resource and begin adding the two files we created before.

Make sure that you upload the two files to the correct spots:

  • SSL certificate <- certificate.crt
  • CA certificate <- certificate.crt
  • Private key <- private.key
  • Private key passphrase <- leave empty

Leave the SSL policy settings as the default.

🔹 6. Create the load balancer

You may turn off the Error logs. Then click Submit to create the application load balancer.

6️⃣ Allow incoming https requests to load balancer

Go back to the Virtual Cloud Networks page and go to the VCN you created. Go under Security and select the default security list, which should be the security list that is used by the public subnet.

Click Add Ingress Rules

Add an ingress rule for port 443 (HTTPS requests) from all sources (0.0.0.0/0).

7️⃣ Test connection

Go back to the load balancer you created. Copy the public IP address of the load balancer.

Paste the IP address into your web browser, prefixed with https://.

There might be a privacy warning shown. This is expected since you are using an untrusted SSL certificate that you created on your own.

💠 BONUS: Deploy on a URL

You can also add the public IP address to your DNS provider as an A record to reach the site on a normal URL. I use Cloudflare, for example.

However, since I am using Cloudflare, which already gives me free trusted SSL certificates to use, I'll:

  1. Remove the self-signed SSL certificate from the load balancer;
  2. Change the listener port to 80 on HTTP;
  3. Add an ingress 80 rule to my public subnet's security list; and
  4. Turn on Proxy status on my Cloudflare page.

With this setup, TLS terminates at Cloudflare, and traffic between Cloudflare and the load balancer travels as plain HTTP.

Safe harbor statement

The information provided on this channel/article/story is solely intended for informational purposes and cannot be used as a part of any contractual agreement. The content does not guarantee the delivery of any material, code, or functionality, and should not be the sole basis for making purchasing decisions. The postings on this site are my own and do not necessarily reflect the views or work of Oracle or Mythics, LLC.

This work is licensed under a Creative Commons Attribution 4.0 International License.
