OpenSSL HOWTO

#
# Create your own Apache SSL Certificate, sign it with your
# own CA and integrate it into Apache.
#


# create keyfile for your site
openssl genrsa -des3 -out server.key 1024

# create signing-request for a certificate from your key
openssl req -new -key server.key -out server.csr

# send the server.csr to a Certification Authority (CA) and
# you will receive a server.crt (the certificate)
# or create a CA yourself (for tests only)

---

# create your own ca

# create keyfile for your CA
openssl genrsa -des3 -out ca.key 1024

# create a CA-certificate from your CA-key
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# sign your signing request (see above) with your CA-key
echo "01" > .mkcert.serial
openssl x509 -days 365 -CAserial .mkcert.serial -CA ca.crt \
-CAkey ca.key -in server.csr -req -out server.crt

---

# As result you got the following files:
#
# server.key your sites server key
# server.csr your signing-request (unnecessary, you can delete it)
# server.crt your sites server certificate (signed!)
# ca.key your CA's key
# ca.crt your CA's Certificat (if you didn't create your own CA,
# you need to get this from your real-world CA!)
#
#
#
#
# Simple Apache-Integration by example:
#
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile ssl/server.crt
SSLCertificateKeyFile ssl/server.key
SSLCertificateChainFile ssl/ca.crt


#
# Useful documentation:
# www.modssl.org/docs/2.8/ssl_overview.html
# httpd.apache.org/docs/ (Apache 1.x.x)
# httpd.apache.org/docs-2.0/ (Apache 2.x.x)
#