SSL

From The System Administrator Zone

How to Create a Self Signed SSL Key for Your Server

Generate the server's private key using a 1024-bit key and the RSA algorithm

openssl genrsa -out server.key 1024

Generate a Certificate-Signing Request

openssl req -new -key server.key -out server.csr

Fill in the required information at the prompts

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:Palo Alto
Organization Name (eg, company) [My Company Ltd]:eQuoria Networks
Organizational Unit Name (eg, section) []: 
Common Name (eg, your name or your server's hostname) []:hostname.equoria.net
Email Address []:user@example.net

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:

Just leave these two blank for a self-signed request.

The really important one is the Common Name. It must match the fully qualified host name of the SSL site. Otherwise, connecting clients will get a prompt about a mismatch between the certificate's host name and the actual host name of the server.

Note that I left the password blank. If you don't do this, Apache will prompt you for the certificate password each time you start the server.

Create a self-signed certificate from the certificate-signing request (.csr file)

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

The days option in the example is good for ten years. Your expiration can't go past "Jan 19, 2038 04:14:07" because of the "Year 2038" bug. If you try to go beyond that date, your certificate will be expired on creation.

Remove the Certificate-Signing Request

You don't need it any more.

rm server.csr

Move the files to Their Final Home

Put the .crt and .key files into Apache's SSL directory and configure Apache to use them. This location is normally defined in your /etc/httpd/conf/httpd.conf file.
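
The steps above as one non-interactive script, followed by checks for the Common Name, the key/certificate pairing and the expiry date. This is an added example, not part of the original page. It uses a 2048-bit key rather than the page's 1024, since 1024-bit RSA is below the minimum that current guidance recommends. The function names, the hostname host.example.net and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the hostname
# host.example.net and the scratch directory are assumptions.

# make_selfsigned DIR HOST [DAYS]: key, CSR and self-signed cert, no prompts.
make_selfsigned() (
    dir=$1; host=$2; days=${3:-3650}
    umask 077    # subshell body: the private key is created owner-only
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=California/L=Palo Alto/CN=$host" || exit 1
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || exit 1
    rm -f "$dir/server.csr"    # no longer needed once the cert exists
)

# cert_cn CERT: print the Common Name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# key_matches_cert KEY CERT: succeed only if both carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_valid_for CERT SECONDS: succeed if CERT is still valid SECONDS from now.
# Catches a certificate that is already expired at creation.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# verify_pair DIR HOST: 0 = ok, 1 = CN mismatch, 2 = key mismatch, 3 = expiry.
verify_pair() {
    [ "$(cert_cn "$1/server.crt")" = "$2" ] || { echo "CN mismatch" >&2; return 1; }
    key_matches_cert "$1/server.key" "$1/server.crt" ||
        { echo "key does not match certificate" >&2; return 2; }
    cert_valid_for "$1/server.crt" 86400 ||
        { echo "certificate expires within a day" >&2; return 3; }
}

# Demo in a scratch directory with a constructed hostname.
d=$(mktemp -d) && make_selfsigned "$d" host.example.net &&
    verify_pair "$d" host.example.net && echo "key and certificate OK"
rm -rf "$d"
```

Run verify_pair against the installed files before restarting Apache, passing the directory that holds server.crt and server.key and the host name clients will use.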

SSL Certificates

gatech.edu SSL Certificates HOWTO
SSL Certificates HOWTO
Here is a link to the O'Reilly Apache Guide which covers this. Fortunately, it is the sample chapter for the book.
Chapter 11: Security

