If you want to test SSL on your web server, you probably want to generate a self-signed certificate before ordering up the real one.
There are three steps:
– generate SSL key w/o passphrase
– generate certificate request
– generate self-signed certificate
# cd /etc/httpd/conf
# mkdir ssl.key ssl.csr ssl.crt
# openssl genrsa -out /etc/httpd/conf/ssl.key/myserver.net.key 2048
# openssl req -new -key /etc/httpd/conf/ssl.key/myserver.net.key -out /etc/httpd/conf/ssl.csr/myserver.net.key.csr
# openssl req -new -key /etc/httpd/conf/ssl.key/myserver.net.key -x509 -out /etc/httpd/conf/ssl.crt/myserver.net.crt -days 999
# ln -s ssl.crt/myserver.net.crt server.crt
# ln -s ssl.key/myserver.net.key server.key
and add the following to the bottom of your /etc/httpd/conf/httpd.conf file, remembering to substitute your own IPs and hostnames:
NameVirtualHost 192.168.1.19:80
NameVirtualHost 192.168.1.19:443
<VirtualHost foo.myserver.net:80>
ServerName foo.myserver.net
ServerAdmin webmaster@myserver.net
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost foo.myserver.net:443>
ServerName foo.myserver.net
ServerAdmin webmaster@myserver.net
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
</VirtualHost>
and restart the web server:
# service httpd restart
Now navigate to your https URL in a browser. You will have to add a security exception in your browser for the unvalidated self-signed certificate.
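A quick sanity check for the key and certificate files produced above, as an added example that is not part of the original post: it confirms the certificate was issued for the key, reports the RSA size, and flags a key file readable by group or other, since a key without a passphrase is protected only by file permissions. The function names are illustrative; it assumes the openssl command-line tool, an RSA key as generated above, and takes the key and certificate paths as arguments.

```shell
#!/bin/sh
# Added example: checks for a passphrase-less key and its self-signed certificate.

# Public key (PEM) derived from a private key file / embedded in a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 if the certificate was issued for this private key, 1 if not, 2 on read error.
pair_matches() {
    k=$(pub_of_key "$1") && c=$(pub_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Public key size in bits, as reported in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# 0 if issuer and subject are identical (self-signed by name).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# 0 if group or other can read the key file; with no passphrase,
# file permissions are the only protection the key has.
key_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Print one line per finding; return the number of FAIL/WARN findings.
audit_pair() {
    n=0
    pair_matches "$1" "$2" || { echo "FAIL: certificate does not match key"; n=$((n+1)); }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "WARN: RSA key is ${bits:-?} bits (< 2048)"; n=$((n+1)); }
    is_self_signed "$2" && echo "INFO: self-signed; browsers will not trust it"
    key_exposed "$1" && { echo "WARN: key readable by group/other; chmod 600"; n=$((n+1)); }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || { echo "FAIL: certificate expired"; n=$((n+1)); }
    return "$n"
}

# Usage: sh check.sh ssl.key/myserver.net.key ssl.crt/myserver.net.crt
if [ $# -eq 2 ]; then audit_pair "$1" "$2"; fi
```

A non-zero exit status is the number of FAIL/WARN findings; the INFO line is expected for a test certificate.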
