don’t feed the seagulls

Originally found at How to create a self-signed Certificate

1. Generate server key

   openssl genrsa -des3 -out server.key 1024

2. Generate csr

   openssl req -new -key server.key -out server.csr

3. Remove passphase so apache don’t ask for it on every server start

   cp server.key server.key.org
   openssl rsa -in server.key.org -out server.key

4. Create self signed certificate

   openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Copy certificate to Apache dir

   cp server.crt /usr/local/apache/conf/ssl.crt
   cp server.key /usr/local/apache/conf/ssl.key

6. Configure Apache to use the certificate

   SSLEngine on
   SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog logs/ssl_request_log
       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"