1) Generate a key:
$ openssl genrsa -out www.example.com-key 2048
Generating RSA private key, 2048 bit long modulus
2) Generate a Certificate Sigining Request (CSR):
$ openssl req -new -key www.example.com-key -out
www.example.com-csr
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished
Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
State or Province Name (full name) [Berkshire]:Greater London
Locality Name (eg, city) [Newbury]:London
Organization Name (eg, company) [My Company Ltd]:Acme Websites
Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname)
[]:www.example.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Buy a certificate:
You can buy certificate from verisign, or thwate or such CA. What you need to do is goto website of these Certificate Authority and submit your csr file.
4) Setup an SSL Vhost:
ServerName "www.example.com"
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/ssl/www.example.com-cert"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/www.example.com-key"
...
$ openssl genrsa -out www.example.com-key 2048
Generating RSA private key, 2048 bit long modulus
2) Generate a Certificate Sigining Request (CSR):
$ openssl req -new -key www.example.com-key -out
www.example.com-csr
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished
Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:Greater London
Locality Name (eg, city) [Newbury]:London
Organization Name (eg, company) [My Company Ltd]:Acme Websites
Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname)
[]:www.example.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Buy a certificate:
You can buy certificate from verisign, or thwate or such CA. What you need to do is goto website of these Certificate Authority and submit your csr file.
4) Setup an SSL Vhost:
ServerName "www.example.com"
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/ssl/www.example.com-cert"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/www.example.com-key"
...