Sep 05 2009
 

Creating the certificate (change kutukupret.com to whatever your domain name is):

# mkdir /usr/share/ssl/certs/hostname.kutukupret.com
# cd /usr/share/ssl/certs/hostname.kutukupret.com
# (umask 077 && touch host.key host.cert host.info host.pem)
# openssl genrsa 2048 > host.key
# openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert
...[enter *.kutukupret.com for the Common Name]...
# openssl x509 -noout -fingerprint -text < host.cert > host.info
# cat host.cert host.key > host.pem
# chmod 400 host.key host.pem

In Apache:

SSLEngine on
SSLCertificateFile /path/to/host.cert
SSLCertificateKeyFile /path/to/host.key
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
Sep 05 2009
 

Due to the nature of the SSL layer in HTTPS, the secure connection is negotiated before the HTTP protocol is initiated. That means that at the time the SSL layer is in play, the “Host” header has not been sent and, therefore, Apache cannot determine which NameVirtualHost to use.

If you’re self-signing your certificates, the browser is going to throw a warning anyway. You might as well make the certificate as generic as possible, so that all traffic on the HTTPS port shares the same certificate.
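
To see which virtual hosts a single certificate issued for `*.kutukupret.com` can actually serve, the following added example (not from the original post) applies the usual TLS wildcard matching rules to a list of host names. The function names and the host list are assumptions made up for illustration.

```python
"""Which host names does a wildcard certificate name cover? (added example)"""

CERT_NAME = "*.kutukupret.com"   # Common Name entered in the openssl req step
# Constructed sample of virtual-host names served on the HTTPS port.
VHOSTS = [
    "www.kutukupret.com",
    "mail.kutukupret.com",
    "kutukupret.com",
    "dev.www.kutukupret.com",
    "WWW.Kutukupret.com.",
]


def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def cert_name_covers(cert_name, hostname):
    """True if cert_name (exact or wildcard) is valid for hostname."""
    pat, host = _labels(cert_name), _labels(hostname)
    if "" in pat or "" in host or len(pat) != len(host):
        return False              # empty label, or different depth
    if any("*" in label for label in host + pat[1:]):
        return False              # "*" is only allowed as the left-most label
    if pat[0] == "*":
        # The wildcard stands for exactly one label. Refusing "*.tld" is a
        # conservative choice made for this example.
        return len(pat) >= 3 and pat[1:] == host[1:]
    if "*" in pat[0]:
        return False              # partial wildcards ("w*") are rejected here
    return pat == host


def uncovered_vhosts(cert_name, vhosts):
    """Names that would get a certificate name mismatch, in input order."""
    return [v for v in vhosts if not cert_name_covers(cert_name, v)]


if __name__ == "__main__":
    for name in VHOSTS:
        verdict = "covered" if cert_name_covers(CERT_NAME, name) else "MISMATCH"
        print(f"{name:28} {verdict}")
```

The bare domain and names more than one label below it are not covered by the wildcard, so virtual hosts with those names still produce a name mismatch on top of the self-signed warning.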