Make an SSL key, CSR, and cert for use with Apache
In order to use Apache with mod_ssl or Apache-ssl, you'll need a certificate signed by a trusted Certificate Authority. In this example, we'll assume that you're generating a cert to be used at https://propaganda.discordia.eris/. To generate a key with OpenSSL:
hagbard@fnord:~/certs$ openssl genrsa 512/1024 \
> propaganda.discordia.eris.key
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 512 bit long modulus
..++++++++++++
...++++++++++++
e is 65537 (0x10001)
This just makes the private key, not the cert. If you'd like to protect this key with a passphrase, use the -des3 option on the command line:
hagbard@fnord:~/certs$ openssl genrsa -des3 512/1024 \
> propaganda.discordia.eris.key
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 512 bit long modulus
.......++++++++++++
.....++++++++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
But be warned: you'll need to enter this phrase every time you restart Apache, which can be inconvenient when performing regular maintenance (such as rotating http logs). Weigh the inconvenience against the potential damage done if some miscreant should acquire this key. If you lose the passphrase, it is essentially unrecoverable, so keep it safe!
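The passphrase tradeoff above can be checked on disk. The following shell functions are an added example, not part of the original text: they create a key that only its owner can read and report whether an existing key file is passphrase-protected, by reading the PEM header rather than decrypting anything. The function names and the 2048-bit default are assumptions of this example; 2048 bits is used because public CAs require at least that size for RSA keys.

```shell
#!/bin/sh
# Added example: names and the 2048-bit default are assumptions.

# make_key FILE [BITS]: write an unencrypted RSA key that only its owner
# can read (umask 077 applies before the file exists). Add -des3 after
# "genrsa" to be prompted for a passphrase, as in the text.
make_key() {
    ( umask 077 && openssl genrsa -out "$1" "${2:-2048}" 2>/dev/null )
}

# key_protection FILE: print encrypted, plaintext or unknown, judged
# from the PEM armor alone; the passphrase is never requested.
key_protection() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 or traditional encrypted PEM
    elif grep -Eq -e '^-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext      # anyone who can read the file has the key
    else
        echo unknown        # not a private key in PEM form
    fi
}

# key_mode_ok FILE: succeed only if group and others have no access.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: one-line verdict combining both checks.
audit_key() {
    prot=$(key_protection "$1")
    if key_mode_ok "$1"; then
        mode=owner-only
    else
        mode=group-or-world-accessible
    fi
    echo "$1: $prot, $mode"
}

# Audit any key files named on the command line.
for f in "$@"; do audit_key "$f"; done
```

A key reported as plaintext and group-or-world-accessible is the case the warning above is about: any local account that can read the file holds the server's identity.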
Next you'll need to generate the Certificate Signing ...