OpenSSL Configuration on Apache
Step 1. Generate RSA and CSR
OPTION 1: Generating an RSA private key without a passphrase (my recommendation)
[root@localhost /etc/httpd/conf/ssl.key]# openssl genrsa -out MYdomain.com.key 1024
OPTION 2: Generating an RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@localhost /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out MYdomain.com.key 1024
You should NOT generate the RSA private key with a passphrase if you have scripts that restart Apache automatically. If you do, Apache just sits there waiting for the passphrase to be entered, which is a mess!
There is a way to stop the passphrase prompt from appearing when you restart Apache, which I'll show you later.
Then generate the CSR from the key:
[root@localhost /etc/httpd/conf/ssl.csr]# openssl req -new -key MYdomain.com.key -out MYdomain.com.csr
Step 2. Generate local certificate CRT
[root@localhost]# openssl x509 -req -days 30 -in MYdomain.com.csr -signkey MYdomain.com.key -out MYdomain.com.crt
Step 3. Configure httpd.conf
Listen 443
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /usr/local/apache2/openssl/MYdomain.com.crt
SSLCertificateKeyFile /usr/local/apache2/openssl/MYdomain.com.key
</VirtualHost>
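
Before restarting Apache with this configuration, it is worth confirming that the key and certificate from Steps 1 and 2 belong together, that the key file (which has no passphrase under OPTION 1) is not accessible to other users, and that the key size and remaining validity are acceptable. The script below is an added example, not part of the original post; its function names, the 2048-bit minimum and the 7-day expiry margin are assumptions of this example, and a 1024-bit key as generated by the commands above will be reported as too small.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# key/certificate pair created in Steps 1-2, before Apache is restarted.
MIN_BITS=2048   # assumption: 2048-bit RSA as the minimum acceptable size

key_modulus()  { openssl rsa  -noout -modulus -in "$1" 2>/dev/null; }
cert_modulus() { openssl x509 -noout -modulus -in "$1" 2>/dev/null; }

# RSA key size in bits, derived from the length of the hex modulus.
key_bits() {
    m=$(key_modulus "$1") || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# True when the certificate carries the public half of this private key.
pair_matches() {
    k=$(key_modulus "$1") && c=$(cert_modulus "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when neither group nor other has any access to the key file.
# A key without a passphrase (OPTION 1) is protected by file modes alone.
key_is_private() {
    [ "$(ls -lL "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid $2 days from now.
cert_outlives() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any failed.
check_pair() {
    key=$1; cert=$2; fail=0
    bits=$(key_bits "$key") || bits=0
    [ "$bits" -ge "$MIN_BITS" ] || { echo "FAIL: key is $bits bits, want >= $MIN_BITS"; fail=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other"; fail=1; }
    pair_matches "$key" "$cert" || { echo "FAIL: $cert does not match $key"; fail=1; }
    cert_outlives "$cert" 7 || { echo "FAIL: $cert expires within 7 days"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: $key and $cert"
    return "$fail"
}

# Usage: sh check_pair.sh MYdomain.com.key MYdomain.com.crt
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

The script expects a key without a passphrase; with an OPTION 2 key, `openssl rsa` will ask for the passphrase when the key is read.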