To Create a Security Certificate for Apache

These steps are required to support HTTPS requests on Apache.

For detailed information on setting up a security certificate on Apache, see the instructions on http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html and http://www.modssl.org/docs/2.8/ssl_faq.html. The following procedure is adapted from those web sites.

1. Set up the following environment variable:

   OPENSSL_CONF=OpenSSL-installation-directory/apps/openssl.cnf.

2. Create the server certificate and key by executing the following command:

   openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

   When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

   This command creates newreq.pem.

3. Open the newly-created newreq.pem from the location where the openssl command was run.

4. Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in Apache-install-dir/conf/ssl.crt/server.crt. For example:

   -----BEGIN CERTIFICATE----- .... ... -----END CERTIFICATE-----

5. Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in Apache-install-dir/conf/ssl.key/server.key. For example:

   -----BEGIN RSA PRIVATE KEY----- ... ... ... -----END RSA PRIVATE KEY-----

6. Make sure that the variables SSLCertificateKeyFileand SSLCertificateFile in Apache-install-dir/conf/ssl.conf for Apache 2.0.x or in Apache-install-dir/conf/extra/httpd-ssl.conf for Apache 2.2.x have the correct values.

7. Ensure that the ServerName is not www.example.com. The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.