SSL (Secure Sockets Layer) is a cryptographic protocol that allows you to encrypt a web connection on your server. Even if you are not familiar with the term, you have likely seen it in action if you have logged onto a website for banking or even social networking. The distinctive “HTTPS” rather than “HTTP” in the address bar is an indication that SSL is in use.
If you need SSL for an e-commerce shopping cart, you should purchase a valid SSL certificate from a trusted certificate authority. If you only need it for backend pages or to secure a control panel, however, using a self-signed certificate may suffice, since only you or your IT staff will access it. Many control panels have this functionality built into them, but if you need to do it manually, this guide should help.
1. Generate a key. The first step is to generate an SSL key.
openssl genrsa -des3 -out server.key 1024
The output will look something like this:
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:
2. Enter a pass phrase as instructed.
3. Generate a CSR (Certificate Signing Request).
openssl req -new -key server.key -out server.csr
It will ask you to enter the same pass phrase and then prompt you for information about the certificate, such as country, state, organization name, and “common name” (the site’s domain name). Make sure you enter the correct domain name, so that browsers do not show an extra error on top of the one they will already show for an unrecognized certificate authority (CA).
4. Remove the pass phrase. This is done to avoid having to enter it every time you restart Apache.
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
5. Generate the self-signed certificate. In this example, it will be a temporary certificate valid for 365 days.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
6. Install the private key and certificate. Note: the exact location will vary depending on where your operating system installs Apache.
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key
You will need to configure your websites to use SSL, something you can most likely do in your control panel. If not, see your web server’s documentation.
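Before restarting Apache, the files produced in steps 1 to 6 can be checked with a short script. This is an added example, not part of the original guide: the function name `check_tls_pair`, the 30-day expiry window and the 2048-bit minimum are assumptions of the example (2048 bits is the current minimum in CA and NIST guidance, so the 1024-bit key from step 1 will be reported).

```shell
#!/bin/sh
# Added example (not from the original guide): checks on the files from steps 1-6.
# Usage: check_tls_pair KEY CERT HOSTNAME ; returns the number of problems found.
check_tls_pair() {
    key=$1; crt=$2; host=$3; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Step 4 leaves the key unencrypted, so file permissions are its only protection.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$key is accessible to group/other; chmod 600 it"

    # The certificate must contain the public half of this private key.
    # "-passin pass:" makes a still-encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || fail "$crt does not match $key"

    # Assumed threshold of this example: RSA keys under 2048 bits are reported.
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || fail "key is ${bits:-unknown} bits; want 2048 or more"

    # The common name entered in step 3 must equal the site's domain name.
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$host" ] || fail "common name '$cn' is not '$host'"

    # Step 5 issues the certificate for 365 days; report it 30 days before it lapses.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        fail "certificate expires within 30 days (or cannot be read)"

    return "$problems"
}

# Run the checks when called as: sh check_tls_pair.sh server.key server.crt www.example.com
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

The backup `server.key.org` from step 4 is still pass-phrase protected, so running the script against it reports a mismatch rather than prompting.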
7. Restart Apache.
service httpd restart
or for some distributions: