FreeBSD: set up self-signed SSL certificates for Apache virtualhosts


cd /usr/local/etc/apache22/
openssl genrsa -des3 -out server.key 1024

(choose a password)

openssl req -new -x509 -days 3650 -nodes -sha256 -key server.key -out server.crt

answer the questions and you’re done.
Remove the password from the cert:

cp server.key server.key2
openssl rsa -in server.key2 -out server.key


Now enable SSL in httpd.conf:

# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
#

In  /usr/local/etc/apache22/extra/httpd-ssl.conf i have commented out everything from
<VirtualHost _default_:443> to the end of file.
That’s because i’ve moved the vhost stuff inside my existing virtualhost configuration, in /usr/local/etc/apache22/extra/httpd-vhosts.conf.
In your <VirtualHost….> section, change the port to 443 and add:


SSLEngine on
SSLCertificateFile "/usr/local/etc/apache22/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

And if you have some cgi-bin scripts, add this line inside the cgi-bin section:


SSLOptions +StdEnvVars

Restart/reload Apache.