A self-signed SSL certificate lets you run Apache over HTTPS on Rocky Linux 10 without buying one from a Certificate Authority, which makes it the right call for staging servers, internal apps, and local lab setups where a publicly trusted cert isn’t needed.
A self-signed SSL certificate is a simple way to enable HTTPS on Apache without purchasing a certificate from a Certificate Authority (CA).
Many older tutorials still use a basic openssl req -x509 command to create a certificate. While that works, it often creates a certificate without a Subject Alternative Name (SAN) that modern web browsers such as Chrome and Firefox have required SAN support for years. Without it, visitors will see errors like ERR_CERT_COMMON_NAME_INVALID, even if the certificate’s Common Name appears correct.