How to create a self-signed SSL certificate for your web server
by Dave Kimble at www.peakoil.org.au

This explanation assumes you have a Windows PC with WampServer 2.0i installed.
It could easily be adapted for other situations.

You are going to create 3 files - "xxxx.key", "yyyy.key" and "yyyy.crt".
The first holds your private key, encrypted under a pass phrase; it is the master copy from which the other two files are derived.
"xxxx" and "yyyy" can be anything you choose,
in the example below they are "pass" and "servername".

Click on Start > Run... > cmd >
This will bring up the command line processor.

Type> CD C:\wamp\bin\apache\Apache2.2.11\bin
This will take you to the folder with the file "openssl.exe" in it.

Type> openssl genrsa -aes256 -out pass.key 2048
This will ask for a pass phrase twice,
and will result in the file "pass.key" being created.

Type> openssl rsa -in pass.key -out servername.key
This will ask you for the pass phrase again,
and will result in the file "servername.key" being created.

Type> openssl req -new -x509 -nodes -sha1 -key servername.key -out servername.crt -days 999 -config C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf

It will ask you to enter values for seven fields that will be saved in your certificate:
Country Code, State, Locality, Organisation Name, Organisation Unit, Common Name, and email address.
[ When users of your secure web site (https://your-secure-site.com) visit for the first time, their browser will probably warn them about the self-signed certificate because it has no verification chain. They will then look at the certificate details to see whether they trust the site anyway. The values you put in the fields above are all they have to go on, so they should be meaningful. ]
This will result in the file "servername.crt" being created.

The 3 files can then be moved to wherever they are required.
Whatever the location, the Apache configuration file will need to set pointers to them, for example:
SSLCertificateFile "C:/wamp/bin/apache/Apache2.2.11/conf/ssl/servername.crt"
SSLCertificateKeyFile "C:/wamp/bin/apache/Apache2.2.11/conf/ssl/servername.key"


That's it.
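
An added example, not part of the original page: the "openssl rsa" step above writes "servername.key" with the pass phrase removed, so that file is protected by file permissions alone. This Python sketch reports whether a PEM key file is pass-phrase encrypted; the function name and the sample key texts are constructed for illustration.

```python
import re
import sys

# One PEM block: label, then optional "Name: value" headers and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key(pem_text):
    """Return (state, detail); state is 'encrypted', 'unencrypted' or 'no-key'."""
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates and other blocks are not keys
        if label == "ENCRYPTED PRIVATE KEY":
            return ("encrypted", "PKCS#8")  # the label itself declares encryption
        # Traditional format: encryption is declared in headers before the body.
        headers = {}
        for line in body.splitlines():
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
        if headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
            return ("encrypted", headers.get("DEK-Info", "").split(",")[0] or "unknown")
        return ("unencrypted", label)
    return ("no-key", "")

# Constructed samples with placeholder bodies (not real keys).
PASS_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SERVER_KEY = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    samples = {"pass.key (sample)": PASS_KEY, "servername.key (sample)": SERVER_KEY}
    for path in sys.argv[1:]:  # optional: real key files to classify
        with open(path, "r", errors="replace") as fh:
            samples[path] = fh.read()
    for name, text in samples.items():
        print(name, *classify_key(text))
```

Pass the paths of your own key files as arguments to classify them as well; any file reported as unencrypted should be readable only by the account that runs Apache.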

There is just one oddity with Windows XP -
the file ".../Apache2.2.11/conf/openssl.cnf" has a file extension ".cnf" that WinXP thinks is a Speed Dial extension, and that the extension should be hidden, so although the file is really OK, it looks like this in Explorer:



but don't worry about it, it really is "openssl.cnf".