Apache 1.3 SSL (OpenSSL)

In my last tutorial I went over a basic installation of Apache on FreeBSD – of course :).

In this one, I'm going to go over enabling SSL for Apache.

Prerequisites are of course that you have already installed Apache from ports (/usr/ports/www/apache13-modssl).

So let's start!

1. Boot the FreeBSD VirtualBox and type: cd /usr/local/www/openssl and press enter.

2. Type make install clean to install the port.

You'll get a prompt to select options for openssl. Take the defaults and also add MD2. Then use the TAB key to select OK and continue.

If all went well you should see something like this in the end of the compiling.

The next step is to go ahead and issue a certificate! This is what's called a 'self-signed' certificate. It means that a well known authority (usually a security company such as Comodo or Verisign) has not verified that you are who you claim to be.

In practical terms, it means that all data sent from the server to a browser will still be encrypted, but the user will get a warning message.

To issue a certificate type in the following:

openssl req -new -x509 -nodes -out /usr/local/etc/apache/ssl.crt/server.crt -keyout /usr/local/etc/apache/ss.key/server.key -days 3650

Then openssl will ask you a bunch of questions like Country, organization name etc. Since this is a self-signed crertificate what you enter doesn't really matter.