Apache Self-SSL setup

yum install mod_ssl openssl

First, you need install mod_ssl and openssl via yum

1. Create the key and request:

openssl req -new > new.cert.csr

2. Remove the passphrase from the key (optional):

openssl rsa -in privkey.pem -out new.cert.key

(If you do not remove the passphrase in this step, you are required to enter the passphrase when you start Apache.) 3. Convert request into signed cert (If you pass to third-party CA ,such as godaddy.com , paste csr code and wait the cer back) :

openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key

4. Edit the Apache SSL config file /etc/httpd/conf.d/ssl.conf, set the correct path of the following directives:

SSLCertificateFile /path/to/certs/new.cert.cert SSLCertificateKeyFile /path/to/certs/new.cert.key

5. For example, if you want to restrict the location "http://127.0.0.1/secret" to be accessed only via SSL, add the following lines to your main Apache config file /etc/httpd/conf/httpd.conf:

<Location /secret/> SSLRequireSSL </Location></p>

/etc/init.d/httpd restart

#------------------------------------------------------------------
Set up Virtualhost (Optional) :

VirtualHost *:80 <Directory /var/www/vhosts/yoursite.com/httpdocs> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/yoursite.com/httpdocs ServerName yoursite.com </VirtualHost>

Just as you set virtual hosts for http on port 80 so you do for https on port 433. A typical virtual host for a site on port 80 looks like this

NameVirtualHost *:443

To add a sister site on port 443 you need to add the following at the top of your file

<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /var/www/vhosts/yoursite.com/httpsdocs> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs ServerName yoursite.com </VirtualHost>

and then a VirtualHost record something like this:

/etc/init.d/httpd restart