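First, choose your key size (1024, 2048 or 4096 bits), then run these commands. You will need to choose a private pass phrase and remember it.

    apt-get install openssl
    # Generate a 2048-bit RSA key encrypted with a pass phrase
    openssl genrsa -des3 -out server.key 2048
    # Create the certificate signing request (CSR) from that key
    openssl req -new -key server.key -out server.csr
    # Keep a copy of the encrypted key, then write an unencrypted key
    cp server.key server.key.com
    openssl rsa -in server.key.com -out server.key
    # Self-sign the CSR; the certificate is valid for 365 days
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    # Install the certificate and key where Apache will read them
    mkdir /etc/apache2/ssl
    cp server.crt /etc/apache2/ssl/apache.crt
    cp server.key /etc/apache2/ssl/apache.key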
While creating the certificate request, openssl will ask you questions such as your company name. The following lines are an example:

    openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key: myreallylongpassword
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CA
    State or Province Name (full name) [Some-State]:Quebec
    Locality Name (eg, city) []:Montreal
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wireless Army
    Organizational Unit Name (eg, section) []:IT-Security
    Common Name (e.g. server FQDN or YOUR name) []:wirelessarmy.com
    Email Address []:info@wirelessarmy.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: (optional)
    An optional company name []:Wireless Army
The "challenge password" requested as part of the CSR generation, and the pass phrase used to encrypt the secret key (requested at key generation time, or when a plain text key is later encrypted - and then requested again each time the SSL-enabled service that uses it starts up), are two separate and different things.
If you enter a challenge password you will be prompted for the password every time Apache starts or your server reboots.
Now open your site's configuration file in /etc/apache2/sites-available.
Change the port from 80 to 443, then add the following lines between <VirtualHost *:443> and </VirtualHost>:

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
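
Before enabling the site, it is worth confirming that the two files Apache is pointed at actually belong together and that the unencrypted key is not readable by other users. The script below is an added example, not part of the original page; `check_cert_key` is a hypothetical helper name, and the paths in the usage comment are the ones used above.

```bash
#!/usr/bin/env bash
# Added example: checks on the certificate/key pair before Apache loads it.
# check_cert_key is a hypothetical helper, not part of OpenSSL or Apache.
check_cert_key() {
    cert=$1; key=$2; rc=0

    # 1. An encrypted key makes Apache ask for the pass phrase at startup.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: $key is still pass-phrase protected"
        return 1
    fi

    # 2. The certificate must carry the public half of this exact key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=cert-unreadable
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=key-unreadable
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"
        rc=1
    fi

    # 3. With the pass phrase removed, file permissions are the only
    #    protection left: group and other must have no access at all.
    perms=$(ls -l "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/other ($perms)"
        rc=1
    fi

    # 4. The certificate above is issued for 365 days; catch expiry.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired or is unreadable"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Usage: ./check.sh /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2"
fi
```

If the permission check fails, `chmod 600 /etc/apache2/ssl/apache.key` restricts the key to its owner.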
Now you should run these commands:

    a2enmod ssl
    a2ensite default-ssl
    service apache2 reload
    service apache2 restart

Remember that because the certificate is self-signed, people will see an error that says "The site's security certificate is not trusted!" and a button to go to the site anyway. It's good for development, but if you want to use it in a real-world environment I believe that you should pay for a certificate.