- Created: 29 September 2011
To generate a certificate and certificate signing request for apache so that you can use HTTPS.
1. Install openssl
apt-get install openssl # Debian/Ubuntu
yum install openssl # Red Hat/Fedora
2. Create a new directory to contain your certificates
mkdir /etc/ssl/example.com && cd /etc/ssl/example.com
3. Generate the private keyfile.
openssl genrsa -out example.com.key 2048
4. Protect the private keyfile, use restrictive permissions and make it owned by the web server user
chmod 600 example.com.key
chown www-user example.com.key # Debian/Ubuntu
chown apache example.com.key # Red Hat/Fedora
5. Generate the certificate signing request
openssl req -new -key example.com.key -out example.com.csr
6. You'll need to provide the .csr file to your certificate authority to generate the signed certificate. You can find free (30 day) trial certificates by searching on Google.
7. Once you have the signed certificate, place it in /etc/ssl/example.com. Then you need to configure apache so that it can find the certificate and keyfile. In your apache configuration file:
8. Test the new configuration:
apache2ctl configtest # Debian/Ubuntu
apachectl configtest # Red Hat/Fedora
9. Restart apache
apache2ctl graceful # Debian/Ubuntu
apachectl graceful # Red Hat/Fedora
10. Browse to your new site (Using the SSL connection):