HOWTO: Apache SSL in a nutshell

Using the stock RedHat Makefile setup:

1. Make sure you've cleared out older certificates (if any):

# cd /etc/httpd/conf
# rm ssl.key/server.key
# rm ssl.crt/server.crt

2. Generate a passwordless server key:

# /usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
# chmod go-rwx /etc/httpd/conf/ssl.key/server.key

3. Generate your new certificate (you will be prompted for the usual certificate fields):

# make testcert
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:.
State or Province Name (full name) [Berkshire]:.
Locality Name (eg, city) [Newbury]:.
Organization Name (eg, company) [My Company Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (your name or server's hostname) []:web.local
Email Address []:[email protected]

4. Restart and test:

# /sbin/service httpd restart

See Also: