Create SSL Certificates and enable SSL on Apache2
Generate a Self-Signed Certificate
Open a terminal and at the shell prompt, enable SSL for Apache:
Then generate the self signed certificates you will need
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
At that point, you will be asked for configuration data. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. I’ve used the fully qualified domain name of the apache2 server for the “Common Name” entry. The program then writes out the key file as shown below:
Generating a 1024 bit RSA private key
writing new private key to '/etc/apache2/ssl/apache.pem'
Next the program will ask forr information that will be incorporated into your certificate request.
These data will be used to create a Distinguished Name. There are quite a few fields and while you can some of them leave blank (or enter a enter a “.” which produces alblank entry) I decided to fill all of them in as shown below.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) :Houston
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home
Organizational Unit Name (eg, section) :Web Services
Common Name (eg, YOUR name) :archimedes.mydomain.com
Email Address :firstname.lastname@example.org
Configure Apache to use the Self-Signed Certificate
Since SSL name-based virtual hosts are not supported in /etc/apache2/ports.conf, we’ll need to add an entry for a specific IP address on your VPS as follows. You may use a single IP to provide self-signed SSL service for multiple vhosts, and the same IP may also be used for multiple non-SSL vhosts (HTTPS uses port 443, while HTTP uses port 80).
and enter something like:
Replace “18.104.22.168” with your server’s IP address. Next, edit the virtual host configuration files for sites which you would like to enable SSL on. For each virtual host, you must add the following stanza (change the values as appropriate for each site). Note that this example essentially reproduces the configuration for a non-SSL site, with the addition of three lines for SSL.
File excerpt:Apache virtual hosting file
CustomLog /srv/www/mydomain.com/logs/access.log combined