CAcert.org is a certificate authority that offers free public key certificates. This howto explains the steps to create a server certificate and use it with the Apache2 webserver.
1. Add the domain to your CAcert.org account
- Log in to your CAcert.org account and add your domain (Domains > Add).
- Choose the (authority) email address (root@…, hostmaster@…, postmaster@…, admin@…, webmaster@…) that CAcert.org should send the verification link to.
- Use the verification link to verify that you are the owner of the domain.
2. Create the certificate
Use the following commands to create your key and the certificate signing request files (thanks to this post):
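    cd /etc/apache2/ssl
    # Create an unencrypted (-nodes) RSA key and a certificate signing request.
    # The key size is 2048 bits; 1024-bit RSA keys are too weak for new certificates.
    sudo openssl req -newkey rsa:2048 -subj /CN=www.your-domain.com -nodes -keyout your-domain.com.pem -out your-domain.com.csr.pem
    # Only the owner may read the private key.
    sudo chmod 600 your-domain.com.pem your-domain.com.csr.pem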
After the two files are created proceed as follows:
- In your CAcert.org account, add a new certificate (Server certificates > New).
- Paste the content of the (certificate signing request) file your-domain.com.csr.pem into the textarea.
- Check “CommonName” on the next screen and click submit.
- Copy the generated server certificate and paste it at the end of your (key) file your-domain.com.pem.
3. Configure apache2
Add the SSLEngine and SSLCertificateFile options to your virtual host configuration:
    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        [...]
        SSLEngine on
        # This file holds the private key followed by the server certificate.
        SSLCertificateFile /etc/apache2/ssl/your-domain.com.pem
        [...]
    </VirtualHost>
    </IfModule>
and restart the apache2 webserver:
    sudo /etc/init.d/apache2 force-reload
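Because step 2 pastes the issued certificate into the key file by hand, it is worth checking the combined file before reloading Apache. The script below is an added example, not part of the original howto: it confirms that the file holds a private key and a certificate, that the two belong together, that the key is at least 2048 bits, and that the file is readable only by its owner. The function names, return codes and demo files are assumptions of this example, and a self-signed certificate stands in for the one issued by CAcert.org.

```shell
#!/bin/sh
# Added example: sanity-check the combined key+certificate file from step 2.
# check_pem FILE -> 0 ok, 1 no key, 2 no cert, 3 mismatch, 4 weak key, 5 perms
check_pem() {
    pem=$1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "$pem: no readable private key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "$pem: no certificate appended" >&2; return 2; }
    # The certificate must certify the public half of this private key.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "$pem: certificate does not belong to this key" >&2; return 3; }
    bits=$(openssl x509 -in "$pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "$pem: RSA key is only ${bits:-?} bits" >&2; return 4; }
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] ||
        { echo "$pem: readable by group or others, run chmod 600" >&2; return 5; }
    echo "$pem: ok (${bits}-bit key, $(openssl x509 -in "$pem" -noout -subject))"
}

# Constructed sample input: self-signed certificates stand in for the one
# issued by CAcert.org. Creates good.pem, keyonly.pem and mismatch.pem in $1.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=www.your-domain.com \
        -keyout "$d/a.key" -out "$d/a.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=www.your-domain.com \
        -keyout "$d/b.key" -out "$d/b.crt" 2>/dev/null
    cat "$d/a.key" "$d/a.crt" > "$d/good.pem"      # key followed by its certificate
    cp "$d/a.key" "$d/keyonly.pem"                 # certificate never pasted in
    cat "$d/b.key" "$d/a.crt" > "$d/mismatch.pem"  # certificate for another key
    chmod 600 "$d"/*.pem
}

# Check the file given as the first argument, if any, e.g.
#   sudo sh check_pem.sh /etc/apache2/ssl/your-domain.com.pem
if [ -n "$1" ]; then check_pem "$1"; fi
```
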