This blog entry describes how to configure mod_ssl on Ubuntu. This is designed as a quick reference for configuration.

   sudo -i
   openssl genrsa 1024 > www.mysite.com.key
   openssl req -new -key www.mysite.com.key &gt; www.mysite.com.csr</pre>
   

Make sure the “Common Name” is your host name.  In this example its “www.mysite.com”

You can then give your CSR file to rapidssl, register.com, or other certificate provider.

To create a self-signed certificate “”a.k.a. snake oil” you can do the following:

sudo openssl x509 -req -days 365 -in www.mysite.com.csr -signkey www.mysite.com.key -out www.mysite.com.crt

Instead of creating a snake oil certificate, here is where you can go buy a certificate. Replace the SSLCACertificateFile with the one you get from the certificate vendor.

In /etc/apache2/sites-available/default-ssl. Make sure to add the ServerName directive. Make sure your SSL certs point to real files that exist.  See example:


  <IfModule mod_ssl.c>;
  <VirtualHost _default_:443>
  ServerAdmin webmaster@localhost
  ServerName www.mysite.com
  DocumentRoot /var/www
  <Directory>
 ..
 ..
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/www.mysite.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.mysite.com.key
 SSLCACertificateFile /etc/apache2/ssl/www.mysite.com.crt
 ..
 ..
</VirtualHost>
</IfModule>

Also make sure you enable the ssl and the default-ssl site configuration!

sudo a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 reload