To Create a Security Certificate for Apache 2

These steps are required to support HTTPS requests on Apache.

For detailed information on setting up a security certificate on Apache, see the instructions on http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html and http://www.modssl.org/docs/2.8/ssl_faq.html. The following procedure is adapted from those web sites.

1. Go to the appropriate OpenSSL directory:

   • If using Solaris 10, use the preinstalled OpenSSL for certificate creation. cd /usr/sfw/bin

   • If using Solaris 9 or Linux, go to the directory where you installed OpenSSL. You should already have run configure and make for OpenSSL as instructed in To Install SSL-aware Apache.

     Set up an environment variable OPENSSL_CONF=OpenSSL-installation-directory/apps/openssl.cnf.

2. Create the server certificate and key by executing the following command:

   openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

   When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

   This command creates newreq.pem.

3. Open the newly-created newreq.pem from the location where the openssl command was run.

4. Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in Apache-install-dir/conf/ssl.crt/server.crt. For example:

   -----BEGIN CERTIFICATE----- .... ... -----END CERTIFICATE-----

5. Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in Apache-install-dir/conf/ssl.key/server.key. For example:

   -----BEGIN RSA PRIVATE KEY----- ... ... ... -----END RSA PRIVATE KEY-----

6. Make sure that the variables SSLCertificateKeyFileand SSLCertificateFile in Apache-install-dir/conf/ssl.conf have the correct values.

7. Ensure that the ServerName is not www.example.com. The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.