FreeBSD: set up self-signed SSL certificates for Apache virtualhosts

Categories: BSD

cd /usr/local/etc/apache22/
openssl genrsa -des3 -out server.key 1024

(choose a password)

openssl req -new -x509 -days 3650 -nodes -sha256 -key server.key -out server.crt

answer the questions and you’re done.
Remove the password from the cert:

cp server.key server.key2
openssl rsa -in server.key2 -out server.key

Now enable SSL in httpd.conf:

# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf

In  /usr/local/etc/apache22/extra/httpd-ssl.conf i have commented out everything from
<VirtualHost _default_:443> to the end of file.
That’s because i’ve moved the vhost stuff inside my existing virtualhost configuration, in /usr/local/etc/apache22/extra/httpd-vhosts.conf.
In your <VirtualHost….> section, change the port to 443 and add:

SSLEngine on
SSLCertificateFile "/usr/local/etc/apache22/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

And if you have some cgi-bin scripts, add this line inside the cgi-bin section:

SSLOptions +StdEnvVars

Restart/reload Apache.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.