[Apache] SSL (self-signed & purchased version)
[Self-signed]
Generate a host key:
sudo ssh-keygen -f host.key
Generate a certificate request file
sudo openssl req -new -key host.key -out request.csr
Type what you want:
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Create the SSL certificate
sudo openssl x509 -req -days 365 -in request.csr -signkey host.key -out server.crt
Create a nopass’ key (optional)
openssl rsa -in host.key -out host.nopass.key
Configure Apache
LoadModule ssl_module libexec/apache2/mod_ssl.so
SSLEngine on
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/host.nopass.key"
sudo apachectl configtest
sudo apachectl restart
p.s. enable mods: sudo a2enmod ssl
enable sites: sudo a2ensite default-ssl
[Purchased (Symantec)]
[http://www.symantec.com/tv/products/details.jsp?vid=1452855338001]