Creating an SSL certificate

Right now I'm having trouble creating an SSL certificate and enabling it on Apache. I've seen a lot of tutorials, but none of them seem to work.

Wondering if anyone could provide me with instructions on how to create an SSL certificate and modify the Apache configuration file. Thanks in advance.
 
Edit /usr/local/etc/apache22/httpd.conf file:
Code:
#    Uncomment:
#    Include etc/apache22/extra/httpd-ssl.conf

Edit /usr/local/etc/apache22/extra/httpd-ssl.conf:
Code:
#    Uncomment and change to your domain name:
#    ServerName www.my_domain.org:443

#    Uncomment and change to your mail address:
#    ServerAdmin webmaster@my_domain.org

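And run:
Code:
cd /usr/local/etc/apache22
# Generate a passphrase-protected RSA private key
# (2048 bits; 1024-bit RSA is no longer considered adequate)
openssl genrsa -des3 -out server.key 2048
# Create a certificate signing request from the key
openssl req -new -key server.key -out server.csr
# Self-sign the request; the certificate is valid for 3650 days
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
chmod 0400 /usr/local/etc/apache22/server.key
chmod 0400 /usr/local/etc/apache22/server.crt

cd /usr/local/etc/apache22
# Keep the encrypted key as server.key.orig and write an unencrypted copy,
# so that Apache can start without prompting for the passphrase
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

Restart Apache...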
 
If you have trouble with the "openssl" program, look into /usr/ports/security/xca. I use it to manage all of the certificates for my WPA2 setup, and it's infinitely more useable than the basic "openssl" program.
 
openssl.cnf can be used to quickly add information that is requested by the above commands, BUT it's not necessary. The commands will ask you for the required information, and they are pretty easy to understand.

When asked for "YOUR name" in these dialogs you enter the full domain name (i.e. http://www.example.com or subdomain.example.com), and not your name. Can be confusing, but that's pretty much the only thing that isn't pretty clear in the dialogues.
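
The procedure from the first answer and the naming advice above, collected into one script as an added example (not code from any poster in this thread): it creates the key and certificate without prompts, then runs the checks worth doing before restarting Apache. It assumes OpenSSL 1.1.1 or later for -addext; the function names, the 365-day lifetime and the host www.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. www.example.org is a constructed host name.

# Create an unencrypted 2048-bit key and a self-signed certificate in DIR.
make_selfsigned() (            # usage: make_selfsigned DIR HOST
    umask 077                  # subshell body: the umask change stays local
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null || exit 1
    # CN and subjectAltName take the bare host name: no scheme, no port.
    openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
        -out "$1/server.crt" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" 2>/dev/null || exit 1
    chmod 0400 "$1/server.key"
)

# Size in bits of the public key inside a certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds only if the certificate carries the public half of the key.
key_matches_cert() {           # usage: key_matches_cert KEY CRT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if the certificate is valid for HOST.
cert_names_host() {            # usage: cert_names_host CRT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Prints one line per problem; non-zero status if any were found.
check_pair() {                 # usage: check_pair KEY CRT HOST
    rc=0
    [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ] ||
        { echo "key readable by more than its owner"; rc=1; }
    [ "$(cert_key_bits "$2")" -ge 2048 ] 2>/dev/null ||
        { echo "RSA key shorter than 2048 bits"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch"; rc=1; }
    cert_names_host "$2" "$3" || { echo "certificate not valid for $3"; rc=1; }
    return $rc
}
```

A key/certificate mismatch is the usual reason Apache refuses to start after the files have been regenerated separately, so check_pair is worth running on the paths named in httpd-ssl.conf before the restart.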
 
I know that a LOT of time has passed since you wrote that, but it works even today. Just some directives should be enabled:

In the httpd.conf, need to turn on mod_ssl.so:
Code:
LoadModule ssl_module modules/mod_ssl.so

Then the next problem is to turn on mod_socache_shmcb.so:
Code:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Otherwise the error "Can't start Apache: Invalid command 'SSLCipherSuite'" will come up. Since some time has passed, apache22 has today become apache24 :)
 
After eleven years, it may still work but there are better alternatives:

 