How to create a self-signed SSL certificate for the Apache2 web server
We often need to test sites on a local machine or development server. It's good to have an SSL environment set up so that we can test all links etc. For that to work we need an SSL certificate for our Apache server. Then we will be able to enable Apache's mod_ssl extension.
In a few easy steps I show how to create a certificate and set up an Apache host with it.
Procedure
Run the commands below if you are using a Debian/Ubuntu Linux system. Other systems might have different paths or settings, but you will figure it out.
    cd /tmp
    # 2048 bits: 1024-bit RSA is too weak and may be rejected by current OpenSSL defaults
    openssl genrsa -des3 -out private-with-pass.key 2048
    # strip the passphrase so apache can start without prompting for it
    openssl rsa -in private-with-pass.key -out private-no-pass.key
    openssl req -new -key private-no-pass.key -out request-for-self-sign.csr
    openssl x509 -req -days 365 -in request-for-self-sign.csr -signkey \
        private-no-pass.key -out self-signed.crt
    # optional
    mkdir /etc/apache2/ssl.crt
    mkdir /etc/apache2/ssl.key
    # depends on distribution, does not matter where you keep the key and
    # cert, just make it accessible for apache (the key is unencrypted, so
    # keep it unreadable for other users)
    cp self-signed.crt /etc/apache2/ssl.crt/
    cp private-no-pass.key /etc/apache2/ssl.key/
    cd /etc/apache2/
    # add port 443 to the Listen config var; it might be in httpd.conf, apache.conf or
    # ports.conf, depending on the linux distribution
    vim ports.conf
    # vim sites-available or httpd.conf and add to a virtual host or general section:
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/self-signed.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/private-no-pass.key
    # enable the ssl module by adding links to mods-enabled or uncommenting
    # some sections in httpd.conf
    /etc/init.d/apache2 stop
    /etc/init.d/apache2 start
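A check worth running before Apache is pointed at the files, as an added example that is not part of the original post: it repeats the key, CSR and self-sign steps non-interactively and confirms that the certificate and key belong together, that the key is at least 2048 bits, and that the certificate is not about to expire. The function names `make_pair`, `key_bits` and `pair_ok` and the CN `dev.example.test` are made up for this example.

```shell
#!/bin/sh
# Added example: build a self-signed pair non-interactively and verify it
# before Apache is pointed at it. File names follow the post; the CN is constructed.

# make_pair DIR CN: 2048-bit key (no passphrase), CSR, 365-day self-signed cert
make_pair() {
    ( umask 077   # files created here are readable by the current user only
      openssl genrsa -out "$1/private-no-pass.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/private-no-pass.key" -subj "/CN=$2" \
          -out "$1/request-for-self-sign.csr" &&
      openssl x509 -req -days 365 -in "$1/request-for-self-sign.csr" \
          -signkey "$1/private-no-pass.key" -out "$1/self-signed.crt" 2>/dev/null )
}

# key_bits KEY: RSA modulus size in bits (4 bits per hex digit of the modulus)
key_bits() {
    m=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# pair_ok CRT KEY: succeeds only if the cert carries this key's modulus,
# the key is at least 2048 bits, and the cert stays valid for another 24 hours
pair_ok() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$crt_mod" = "$key_mod" ] || { echo "cert and key do not match" >&2; return 1; }
    [ "$(key_bits "$2")" -ge 2048 ] || { echo "key shorter than 2048 bits" >&2; return 1; }
    openssl x509 -noout -checkend 86400 -in "$1" >/dev/null ||
        { echo "cert expires within 24h" >&2; return 1; }
}

# Demo in a private temp dir rather than directly in /tmp
demo_dir=$(mktemp -d) || exit 1
make_pair "$demo_dir" "dev.example.test" &&
    pair_ok "$demo_dir/self-signed.crt" "$demo_dir/private-no-pass.key" &&
    echo "pair OK: $(key_bits "$demo_dir/private-no-pass.key") bit key"
rm -rf "$demo_dir"
```

A mismatched pair is the usual reason Apache refuses to start after the SSLCertificateFile and SSLCertificateKeyFile lines are added, so `pair_ok` is most useful right after the `cp` steps.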
Important notice
Remember that you will be able to have just one SSL cert per IP! It's always a surprise for people: why can't I have different certs on different virtual hosts? Well, you just can't. It's because the server needs to know the cert and key first (before any communication on the HTTP level is sent or received).
So just remember: one IP = one SSL cert.