Sep 05 2009

Creating the certificate (change "host" in the file names to whatever your domain name is):

# mkdir -p /usr/share/ssl/certs/
# cd /usr/share/ssl/certs/
# (umask 077 && touch host.key host.cert host.pem)
# openssl genrsa 2048 > host.key
# openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert
...[enter * for the Common Name]...
# openssl x509 -noout -fingerprint -text < host.cert
# cat host.cert host.key > host.pem
# chmod 400 host.key host.pem

In Apache:

SSLEngine on
SSLCertificateFile /path/to/host.cert
SSLCertificateKeyFile /path/to/host.key
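# "all" on its own can leave the obsolete SSLv2/SSLv3 protocols enabled on older builds
SSLProtocol all -SSLv2 -SSLv3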

Sep 05 2009

Due to the nature of the SSL layer in HTTPS, the secure connection is negotiated before the HTTP protocol is initiated. That means that while the SSL handshake is in progress, the “Host” header has not yet been sent and, therefore, Apache cannot determine which NameVirtualHost to use.

If you’re self-signing your certificates, the browser is going to throw a warning anyway. You might as well make the certificate as generic as possible, so that all traffic running through the HTTPS port shares the same certificate.
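
The handshake ordering described above can be observed from the client side. This is an added example, not part of the original post: it uses Python's standard ssl module with in-memory buffers to capture the first bytes a TLS client produces, and it goes beyond the text by also showing the Server Name Indication (SNI) extension, with which a client can name the host inside that first message. The hostname www.example.test is a constructed placeholder.

```python
import ssl

HOST = "www.example.test"  # constructed placeholder name, not from the post


def first_flight(server_hostname=None):
    """Return the first bytes a TLS client would put on the wire.

    Memory BIOs stand in for the socket, so nothing is sent anywhere.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # With no name there is nothing to check; the handshake never completes here.
    ctx.check_hostname = server_hostname is not None
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is queued; the client now waits for the server
    return outgoing.read()


def describe(flight, hostname=HOST):
    """Summarise what the server can see before it must pick a certificate."""
    return {
        # TLS record header: byte 0 is the content type, 0x16 = handshake
        "tls_handshake_record": flight[0] == 0x16,
        # Handshake header starts at byte 5, 0x01 = ClientHello
        "client_hello": flight[5] == 0x01,
        # HTTP has not started, so no request line or Host header exists yet
        "http_host_header": b"Host:" in flight,
        # Only a client using SNI puts the name in the ClientHello
        "hostname_in_hello": hostname.encode("ascii") in flight,
    }


if __name__ == "__main__":
    print("without SNI:", describe(first_flight()))
    print("with SNI:   ", describe(first_flight(HOST)))
```

Without SNI the server has only the IP address and port to go on when it selects a certificate, which is the situation the post describes.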