====== SSL Configuration ======

   - generate keys
   - add key to config, create virtual host entries
   - edit /etc/apache2/ports.conf and add **Listen 443**
   - add new virtual to /etc/apache2/apache2.conf, **~[[namevirtualhost]] 208.151.246.84:80**


===== Generate key request =====

per http://www.tc.umn.edu/~brams006/selfsign.html

  * openssl genrsa -des3 -out server.key 4096
  * openssl req -new -key server.key -out server.csr
  * openssl x509 -req -days 1460 -in server.csr -signkey server.key -out server.crt
  * openssl rsa -in server.key -out server.key.insecure
  * mv server.key server.key.secure
  * mv server.key.insecure server.key

sign key with CA





\\
\\
{{tag>computer ssl}}