It took more than I expected to set up Apache SSL on my development system so let’s recap the steps.
Preconditions: openssl and apache2, get sign.sh from here.
1) Setting up a certification authority to self sign the server certificate.
$ mkdir ~/ssl; cd ~/ssl
$ openssl genrsa -des3 -out ca.key 1024
You’ll have to choose a passphrase; store it, because you’ll need it every time you sign a certificate.
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
$ sudo cp ca.crt /etc/ssl/certs/ca.crt
$ sudo cp ca.key /etc/ssl/certs/ca.key
2) Generating the server certificate.
$ openssl genrsa -out www.domain.com.key 1024
Do not use a passphrase unless you want to enter it each time you restart Apache.
$ openssl req -new -key www.domain.com.key -out www.domain.com.csr
Remember that the Common Name (CN) is the name of your server.
$ cd /etc/ssl
$ sudo ~/ssl/sign.sh ~/ssl/www.domain.com.csr
You need the CA passphrase here (from step 1). The certificate is created in ~/ssl/www.domain.com.crt
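Before installing the files in Apache, it is worth confirming that the certificate chains to the CA, belongs to the server key, and is valid for the server name. The script below is an added example, not part of the original post: `check_cert_pair` and `make_demo_pki` are hypothetical helper names, the demo PKI is constructed and uses 2048-bit keys, and `openssl x509 -req` stands in for sign.sh, which is not shown on this page.

```shell
#!/bin/sh
# Added example: sanity checks for a CA-signed server certificate.

# check_cert_pair CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
# Returns 0 only if all three checks pass; prints the first failure otherwise.
check_cert_pair() {
    ca=$1; crt=$2; key=$3; host=$4
    # 1. The server certificate must chain to the CA certificate.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "chain: $crt is not signed by $ca"; return 1; }
    # 2. The certificate's public key must belong to the private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key: $key does not match $crt"; return 1; }
    # 3. The name clients connect to must match the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "name: $crt is not valid for $host"; return 1; }
    echo "ok: $crt"
}

# Constructed throwaway CA and server certificate for the demo.
# Assumption: 'openssl x509 -req' stands in for sign.sh, which is not shown.
make_demo_pki() {
    d=$1
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$d/www.domain.com.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/www.domain.com.key" -subj "/CN=www.domain.com" \
        -out "$d/www.domain.com.csr" &&
    openssl x509 -req -in "$d/www.domain.com.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 \
        -out "$d/www.domain.com.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}
```

With the files from steps 1 and 2, the call would be check_cert_pair ~/ssl/ca.crt ~/ssl/www.domain.com.crt ~/ssl/www.domain.com.key www.domain.com.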
3) Installing the certificates in Apache
$ cd /etc/apache2/ssl
$ sudo cp ~/ssl/www.domain.com.crt .
$ sudo cp ~/ssl/www.domain.com.key .
$ sudo /etc/init.d/apache2 restart
4) Configuring Apache
Add the following lines to your Apache configuration file:
NameVirtualHost a.b.c.d
# Explicitly listen on port 443 for SSL to work
# (This really surprised me, shouldn’t Apache do it automatically
# after seeing the VirtualHost 192.168.0.40:443 directive?)
Listen 443
<VirtualHost a.b.c.d:80>
    ServerAdmin you@domain.com
    DocumentRoot /some/where
    ServerName www.domain.com
</VirtualHost>
<VirtualHost 192.168.0.40:443>
    ServerAdmin you@domain.com
    DocumentRoot /some/where
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key
</VirtualHost>
Restart Apache:
$ sudo /etc/init.d/apache2 restart
That’s it!