```
<IfDefine HAVE_SSL>
Listen 443
<VirtualHost _default_:443>
    DocumentRoot "/var/www/lmc"
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /usr/share/ssl/certs/lmc.crt
    SSLCertificateKeyFile /usr/share/ssl/certs/lmc.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
```

```
openssl genrsa 1024 > /usr/share/ssl/certs/lmc.key
```

After creating the new key, we can create a certificate for authentication. The <numdays> parameter specifies how long the certificate will be valid. This should be 365 or more days.

```
openssl req -new -key /usr/share/ssl/certs/lmc.key -x509 -days <numdays> -out /usr/share/ssl/certs/lmc.crt
```

You will be asked a few questions (see example below):

| Prompt | Example answer |
| --- | --- |
| Country Name (2 letter code) | DE |
| State or Province Name (full name) | Germany |
| Locality Name (eg, city) | Nuremberg |
| Organization Name (eg, company) | Linuxnetworks |
| Organizational Unit Name (eg, section) | Department name (if any) |
| Common Name (eg, YOUR name) | DNS name of your server (e.g. mail.linuxnetworks.de) |
| E-mail Address | Email address for technical support (e.g. admin@linuxnetworks.de) |

You should now have a key and a certificate for your server. To protect them against an attacker (who hopefully has no root access), change the permissions to read and write for root only:

```
chmod 600 /usr/share/ssl/certs/lmc.key /usr/share/ssl/certs/lmc.crt
```

The result is a self-signed certificate for low authentication requirements. If you want a higher level of security, have a trust center sign your certificate.
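
An added example (not part of the original page): a shell function that audits a key/certificate pair like the one created above, checking that the certificate belongs to the key, that both files have mode 600, and that the certificate is not about to expire. The function names, the 30-day default, the 2048-bit test key and the `-subj` values are assumptions of this example; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a key/certificate pair such as lmc.key / lmc.crt.
# check_pair KEY CRT [MIN_DAYS] prints findings; returns non-zero on any failure.
check_pair() {
    key=$1; crt=$2; min_days=${3:-30}; rc=0

    # 1. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || :
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || :
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: certificate does not match key"; rc=1
    fi

    # 2. Both files must be read/write for the owner only (mode 600).
    #    stat -c is the GNU coreutils form (assumption: Linux host).
    for f in "$key" "$crt"; do
        mode=$(stat -c '%a' "$f" 2>/dev/null) || :
        if [ "$mode" != "600" ]; then
            echo "FAIL: $f has mode ${mode:-unknown}, expected 600"; rc=1
        fi
    done

    # 3. The certificate must remain valid for at least min_days more days.
    if ! openssl x509 -in "$crt" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $crt"
    return "$rc"
}

# Build a constructed, throwaway pair in DIR: a non-interactive form of the
# steps above (-subj answers the questions; all values are made up).
make_test_pair() {
    dir=$1
    openssl genrsa -out "$dir/lmc.key" 2048 2>/dev/null
    openssl req -new -key "$dir/lmc.key" -x509 -days 365 \
        -subj "/C=DE/O=Example/CN=mail.example.test" -out "$dir/lmc.crt"
    chmod 600 "$dir/lmc.key" "$dir/lmc.crt"
}
```

On the server itself the call would be `check_pair /usr/share/ssl/certs/lmc.key /usr/share/ssl/certs/lmc.crt`, run as root so the key is readable.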