I decided to remove Apache 2.2 and go with 1.3. Why? Because I can. And because 1.3 is found on the majority of sites that run FreeBSD as their OS, and those are the sites that stay online the longest – high availability sites. Although I have no intentions of hosting my own webserver, I like to do stuff because I can.
cd /usr/ports/www/apache13-modssl
make install distclean
echo 'apache_enable="YES"' >> /etc/rc.conf
echo 'apache_flags="-DSSL"' >> /etc/rc.conf
cd ~
openssl genrsa -des3 -out server.key 1024
Must enter a pass phrase when prompted
openssl req -new -key server.key -out server.csr
Must also enter the passphrase
Use the server name as the Common Name
openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
Again, enter passphrase
cp ~/server.key /usr/local/etc/apache/ssl.key/
cp ~/server.crt /usr/local/etc/apache/ssl.crt/
Test:
/usr/local/sbin/apachectl startssl
Enter passphrase when prompted
Browse to webserver via http and https
Remove the passphrase encryption from the private key:
cd /usr/local/etc/apache/ssl.key
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
Restart apache:
apachectl stop
apachectl startssl
No more passphrase, better keep that server secure!
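Since the key is now stored unencrypted, its file permissions are the only thing protecting it. The following check is an added example, not part of the original post; the function names key_state, key_mode_ok and audit_key are made up here, and the demo runs on a constructed file rather than a real key:

```sh
#!/bin/sh
# Added example: audit a PEM private key after the passphrase has been removed.

# key_state FILE: print "encrypted", "plaintext" or "unknown" from the PEM headers.
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_mode_ok FILE: succeed only if group and other have no permission bits.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: 0 = fine, 1 = unencrypted key exposed, 2 = not a private key.
audit_key() {
    state=$(key_state "$1")
    if [ "$state" = unknown ]; then
        echo "SKIP: $1 has no PEM private key header"
        return 2
    fi
    if [ "$state" = plaintext ] && ! key_mode_ok "$1"; then
        echo "FAIL: $1 is unencrypted and accessible to group/other"
        return 1
    fi
    echo "OK: $1 ($state)"
}

# Demo on a constructed file (not a real key); on the server the argument
# would be /usr/local/etc/apache/ssl.key/server.key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"; audit_key "$demo" || true
chmod 600 "$demo"; audit_key "$demo"
rm -f "$demo"
```

Run it against server.key, server.key.orig and the copy left in root's home directory; a FAIL is fixed with chmod 600 on the file.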