Apache SSL: Creating a
Installing Apache and OpenSSL separately. This page is only for installing Apache and OpenSSL separately. Installing from the package starts on page 2 and
completes on page 6.
1. Creating a Certificate Request. You now have to create a
certificate to be used when clients connect to your server using https.
The first step in obtaining a SSL certificate is to create a certificate
request. Open the command window and navigate to the location of Apache/modssl.
Type in openssl req -config openssl.cnf -new -out my-server.csr. This
will create the certificate request and a private key.
You will be prompted to enter a PEM pass phrase and then to verify it.
Enter 12345 or you can enter your own pass phrase. This is used to
protect your private key from being read or modified by an unauthorized
Now you must enter the information that will be entered into your
certificate. Enter the geographical, organizational, and contact
information. You will also be prompted to enter extra attributes, which
is a challenge password that will be sent with your certificate. Enter
test or create your own password. Press Enter to create your certificate
When asked for the Common Name or the Domain Name, give the exact domain
name of your server. If the name does not match browsers will produce a
warning message about the name mismatch when clients visit the site.
2. Remove Pass Phrase. Now you need to remove the pass phrase
from the private key you just created. Your private key should only be
readable by the Apache server and the administrator, which is done using
the pass phrase. Enter openssl rsa -in privkey.pem -out my-server.key to
remove the pass phrase from the private key.
You will be prompted for the pass phrase you created from your private
key to complete the task. Enter 12345 or the pass phrase you created and
press Enter to continue. The output is your private key without the pass
You should also delete the .rnd file created in the Apache/modssl bin
folder because it contains the entropy information for creating the key
and could be used for cryptographic attacks against your private key.
3. Creating a Certificate. Now you can create your certificate
using the certificate request you generated earlier. This certificate
will be self signed. Enter openssl x509 -in my-server.csr -out my-server.cert
-req -signkey my-server.key -days 365
4. Importing your Certificate and Key. To import your key and
certificate into apache you must create a folder to hold them, which
will be ssl. Create the ssl folder under Apache/Apache2/conf and copy
my-server.key and my-server.cert into it. Your key and certificate was
created in Apache/modssl under the bin folder.