How do I create a SSL Certificate using Apache?

(Portions of this document have been taken from http://httpd.apache.org/docs/2.2/ssl/) Here is a step-by-step description: 1. Make sure OpenSSL is installed and in your PATH. 2. Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted): $ openssl genrsa -des3 -out server.key 1024 Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command: $ openssl rsa -noout -text -in server.key 3. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted): $ openssl req -new -key server.key -out server.csr Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using $ openssl req -noout -text -in server.csr 4. You now have to send this Certificate Signing Request (CSR) to LSU's Certifying Authority (CA) to be signed. Once the CSR has been signed, you will have a real Certificate, which can be used by Apache. Go to www.lsu.edu/pki and click the second link (Request a new certificate by uploading a CMC or PKCS #10 request file) to get your CSR signed. Open the CSR with a text editor and paste the contents text of the CSR there. Once your CSR has been signed you will receive and email containing the text of your signed CST. Copy the contents to a file named server.crt. 5. Download LSU Issuing CA 1's certificate in Base 64 format from www.lsu.edu/pki. Rename the file from .cer to .crt and place it in the same location as your server.key. 6. You can now see the details of the Certificate as follows: $ openssl x509 -noout -text -in server.crt 7. You should now have three files: server.key, ca.crt and server.crt. These can be used as follows in your httpd.conf file: SSLCertificateFile /path/to/this/server.crt SSLCertificateKeyFile /path/to/this/server.key SSLCertificateChainFile /path/to/this/ca.crt The server.csr file is no longer needed. Please go to http://httpd.apache.org/docs/2.2/ssl/ for further details.