Wednesday, February 25, 2009

Creating a self-signed SSL certificate for Apache

Now that the apache2-ssl-certificate utility has disappeared, it takes a few more steps. The commands below give you an unencrypted server key (so you don't have to enter a password on restart). Because the key is stored unencrypted, set its permissions to 400:
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -x509 -key server.key -out server.crt -days 1095

If you did create an encrypted key, you can remove the password with:

openssl rsa -in server.key -out server.key.nopass

Then you want the following in your site config:
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLEngine On

And tell it to listen on the right ports in /etc/apache2/ports.conf:
Listen 80
Listen 443
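
The steps above as one script with checks to run before the files go into /etc/apache2/ssl; this is an added example, not part of the original post. The function names, the scratch directory and the host name www.example.test are assumptions made for illustration, and -subj is used only to skip the interactive prompts.

```shell
#!/bin/sh
# Added example: build the key and certificate in a scratch directory and
# check them before copying them to /etc/apache2/ssl (path from the post).

# make_cert DIR CN: unencrypted 2048-bit key plus a 1095-day self-signed cert.
make_cert() {
    dir=$1 cn=$2
    ( umask 077    # the key is never group/world readable, even briefly
      openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
      openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
          -days 1095 -subj "/CN=$cn" ) &&
    chmod 400 "$dir/server.key"
}

# key_mode_ok KEY: succeeds when the mode is exactly 400 (-r--------).
key_mode_ok() { [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ]; }

# key_matches_cert KEY CRT: succeeds when both hold the same public key.
# The empty -passin makes an encrypted key fail instead of prompting, which
# is the same situation that would make Apache ask for a password on restart.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null </dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# cert_valid_for CRT DAYS: succeeds when CRT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run in a throwaway directory (host name is a constructed value).
work=$(mktemp -d) || exit 1
make_cert "$work" www.example.test || exit 1
key_mode_ok "$work/server.key" && echo "key mode is 400"
key_matches_cert "$work/server.key" "$work/server.crt" &&
    echo "key is unencrypted and matches the certificate"
cert_valid_for "$work/server.crt" 1000 && echo "certificate valid for 1000+ days"
rm -rf "$work"
```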
