Install openssl
==================
sudo apt-get install openssl
Create a select key
==================
e.g. server.key
# Do not use 2048 byte key - It does not work on modern browsers.
sudo openssl genrsa -out server.key 4096 # e.g. no password
Alternative: with a password (e.g. server.key)
# Do not use 2048 byte key - It does not work on modern browsers.
sudo openssl genrsa -des3 -out server.key 4096
Create a public key
==================
e.g. server.csr
sudo openssl req -new -key server.key -out server.csr
Create a signed certificate
==================
e.g. server.crt / Expiration is ten (10) years
sudo openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Copy the keys to an appropriate directory
==================
Note a permission to copy destination
sudo cp server.crt /etc/ssl/certs/; sudo cp server.key /etc/ssl/private/
Edit /etc/apache2/sites-available/default-ssl
==================
sudo vi /etc/apache2/sites-available/default-ssl
Comment out the following two lines:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Add the following two lines:
SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
Enable mod_ssl
==================
Apache2 SSL module:
sudo a2enmod ssl
sudo a2ensite default-ssl
Restart Apache2
==================
Answer the secret key's password
sudo /etc/init.d/apache2 force-reload && sudo /etc/init.d/apache2 restart
Optional: Aways enable SSL
==================
sudo a2enmod rewrite
sudo vi /etc/apache2/sites-available/default
Insert these lines at the bottom part in between...:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Optional: Add +ExecCGI
==================
sudo vi /etc/apache2/sites-available/default-ssl