FreeBSD-Apache
From IdefixWiki
SSL
Insert the following into your ssl.conf and continue creating the keys:
SSLCertificateFile /usr/local/etc/apache22/ssl_keys/newcert.pem SSLCertificateKeyFile /usr/local/etc/apache22/ssl_keys/req.pem SSLCertificateChainFile /usr/local/etc/apache22/ssl_keys/cacert.pem
New certificate
To create a certificate do the following:
Generate the CA key:
cd /usr/local/etc/apache22/ edit CA.pl and set days to high value like 10-20 years maybe edit /etc/ssl/openssl.cnf CA.pl -newca cp demoCA/cacert.pem .
Generate keypair:
edit CA.pl again and set it to 1-2 years CA.pl -newreq as COMMON NAME put FQDN
Sign the keypair:
CA.pl -sign
Remove the password from keypair:
openssl rsa -in newreq.pem -out req.pem #rm newreq.pem chmod 0600 *
Renew a certificate
Remove from the /usr/local/etc/apache22/demoCA/index.txt the line with the hostname.
Sign the keypair:
cd /usr/local/etc/apache22/ssl_keys /usr/local/ssl/CA.pl -sign
see: http://linio.boo.pl/eng/certs.html http://www.freebsddiary.org/openssl-client-authentication.php
http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php
