Howto enable ssl and create self-signed ssl certificate
Enable ssl
In my case it was simple. I just ran this line
a2enmod ssl
Generate self-signed ssl certificate
Solution: http://www.akadia.com/services/ssh_test_certificate.html
Just follow instruction carefully. Make sure that i step 2 you need to enter a correct “Common Name”, ie your domain. Step 5 and 6 also different for different distributions and installation …
Summary in case link above is not available anymore:
Step 1: Generate a Private Key
openssl genrsa -des3 -out server.key 1024Step 2: Generate a CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
Step 3: Remove Passphrase from Key
cp server.key server.key.org openssl rsa -in server.key.org -out server.key
Step 4: Generating a Self-Signed Certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtStep 5: Installing the Private Key and Certificate
(or the location you want to store)
cp server.crt /usr/local/apache/conf/ssl.crt cp server.key /usr/local/apache/conf/ssl.key
Step 6: Configuring SSL Enabled Virtual Hosts
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdownStep 7: Restart Apache and Test
New problem:
ssl_error_ssl2_disabled
Solution in ssl.conf:
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
## disabled this one
#SSLProtocol all -SSLv2
## use this instead
SSLProtocol all
See also http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
New problem:
sec_error_untrusted_issuer due to self-signed SSL Certificate
But it is no problem for me since this is for my own usage and test…