Share this post
FaceBook  Twitter  

To generate a certificate and certificate signing request for apache so that you can use HTTPS.

1. Install openssl

apt-get install openssl # Debian/Ubuntu
yum install openssl # Red Hat/Fedora

2. Create a new directory to contain your certificates

mkdir /etc/ssl/example.com && cd /etc/ssl/example.com

3. Generate the private keyfile.

openssl genrsa -out example.com.key 2048

4. Protect the private keyfile, use restrictive permissions and make it owned by the web server user

chmod 600 example.com.key
chown www-user example.com.key # Debian/Ubuntu
chown apache example.com.key # Red Hat/Fedora

5. Generate the certificate signing request

openssl req -new -key example.com.key -out example.com.csr

6. You'll need to provide the .csr file to your certificate authority to generate the signed certificate. You can find free (30 day) trial certificates by searching on Google.

7. Once you have the signed certificate, place it in /etc/ssl/example.com. Then you need to configure apache so that it can find the certificate and keyfile. In your apache configuration file:

SSLCertificateFile /etc/ssl/example.com/example.com.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.com.key

8. Test the new configuration:

apache2ctl configtest # Debian/Ubuntu
apachectl configtest # Red Hat/Fedora

9. Restart apache

apache2ctl graceful # Debian/Ubuntu
apachectl graceful # Red Hat/Fedora

10. Browse to your new site (Using the SSL connection):

https://example.com