This section shows how to generate a self-signed certificate that is not protected by a password. The file server.key should be made readable for the webserver only.
This section is only relevant if you don't have a certificate already, and don't prefer to buy one from a certificate authority.
In the following, make sure you enter the FQDN (Fully Qualified Domain Name) of the server when CA.pl prompts you for the "CommonName".
sh# CA.pl -newcert sh# cp newreq.pem newreq.key sh# vi newreq.key
Delete everything from '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----'.
sh# openssl rsa -in newreq.key -out server.key sh# chown www server.key && chmod 600 server.key sh# cp newreq.pem server.crt sh# vi server.crt
Delete everything from '-----BEGIN RSA PRIVATE KEY-----' to '-----END RSA PRIVATE KEY-----'.
This is just about the minimum to get SSL running. Tell Apache to listen on port 443 (in addition to 80), and configure a virtual host for port 443 with SSL enabled. For more detailed information, refer to the Apache manual at http://httpd.apache.org/docs-project/
Listen 443 <VirtualHost _default_:443> DocumentRoot /var/www ServerName www.example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key </VirtualHost>