I've just configured Apache for SSL and it took longer than I thought it should. I didn't find any straightforward instructions on the web so here's what I eventually did - after a deal of experimentation. These worked for me running Apache 2.2.8 under Linux - Hardy Heron.
I generated a self-certified certificate:
openssl req -new -x509 -nodes -out /etc/apache2/server.crt -keyout /etc/apache2/server.key
I enabled ssl:
cd /etc/apache2/mods-enabled
ln -s ../mods-available/ssl.load ssl.load
ln -s ../mods-available/ssl.conf ssl.conf
I edited the file /etc/apache2/sites-enabled/default so it includes the following at the end:
<VirtualHost localhost:443>
    DocumentRoot /var/www/
    SSLEngine On
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
</VirtualHost>
This should serve all https requests from /var/www.
I restarted Apache and used openssl to check things are good:
openssl s_client -connect localhost:443
I was hoping to see output such as:
CONNECTED(00000003)
depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
verify return:1
---
Certificate chain
 0 s:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
   i:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
... etc ...
-----END CERTIFICATE-----
subject=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
issuer=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 915 bytes and written 308 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
... etc etc ...
Verify return code: 18 (self signed certificate)
---
and I did!
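The s_client check above can be turned into a repeatable audit. The following is an added example, not part of the original post: it pulls the verify code, key size and negotiated cipher out of s_client output and flags weak values. The function names, the 2048-bit minimum and the cipher name patterns are assumptions of this example, and the sample input is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit `openssl s_client` output.
# Assumptions of this example: 2048-bit minimum key size and the weak-cipher
# name patterns below.

# Constructed sample: selected lines of the output quoted in the post.
SAMPLE_OUTPUT='CONNECTED(00000003)
subject=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
issuer=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
    Verify return code: 18 (self signed certificate)'

# Print one field (cipher | keybits | verify) from s_client output on stdin.
s_client_field() {
    case "$1" in
        cipher)  sed -n 's/^.*Cipher is \([^ ]*\).*$/\1/p' ;;
        keybits) sed -n 's/^Server public key is \([0-9]*\) bit.*$/\1/p' ;;
        verify)  sed -n 's/^ *Verify return code: \([0-9]*\) .*$/\1/p' ;;
    esac | head -n 1
}

# Read s_client output on stdin and print one finding per line (none = clean).
audit_s_client() {
    out=$(cat)
    verify=$(printf '%s\n' "$out" | s_client_field verify)
    bits=$(printf '%s\n' "$out" | s_client_field keybits)
    cipher=$(printf '%s\n' "$out" | s_client_field cipher)

    if [ "$verify" != "0" ]; then
        echo "UNTRUSTED verify return code ${verify:-missing}: not validated against the trust store"
    fi
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-KEY server key is $bits bit, below 2048"
    fi
    case "$cipher" in
        *DES*|*RC4*|*NULL*|*EXP*|*MD5*)
            echo "WEAK-CIPHER negotiated $cipher" ;;
    esac
    return 0
}

# Live use: openssl s_client -connect localhost:443 </dev/null 2>/dev/null | audit_s_client
printf '%s\n' "$SAMPLE_OUTPUT" | audit_s_client
```

On the sample it reports all three findings: the self-signed certificate (code 18), the 1024-bit key and the 3DES cipher suite.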