1.) Download OpenSSL from http://www.openssl.org/source/openssl-1.0.0d.tar.gz:
shell> wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
2.) At a minimum, verify the md5 checksum of the OpenSSL source tarball and compare the md5 hash string with the one provided on the OpenSSL web site (for this version: http://www.openssl.org/source/openssl-1.0.0d.tar.gz.md5), OR better yet use GnuPG:
shell> md5sum openssl-1.0.0d.tar.gz
40b6ea380cc8a5bf9734c2f8bf7e701e  openssl-1.0.0d.tar.gz
Now compare the md5.
3.) If everything is well, untar and install:
shell> tar xzvf openssl-1.0.0d.tar.gz
shell> cd openssl-1.0.0d
shell> ./config --prefix=/usr/local/lib/openssl -fPIC
NOTE: I have to use -fPIC for some reason or the configure will keep generating an error, but try first without it.
shell> make
shell> sudo make install
4.) Make a soft link of the bin/openssl:
shell> sudo ln -s /usr/local/lib/openssl/bin/openssl /usr/local/bin/
Now we need to create a private key and a certificate.
5.) Let's create our server's private key:
shell> openssl genrsa -des3 -out server.key 2048
6.) Now let's create a Certificate Signing Request (CSR) and sign it using our private key (server.key):
shell> openssl req -new -key server.key -out server.csr
NOTE: You usually send the CSR to a CA or Certificate Authority such as Verisign (I'm clueless, never done it), but for now we cannot wait and we want to test! We can act as our OWN Certificate Authority and sign our CSR. Browsers will not treat the resulting certificate as valid and will tell you it is not from a valid authority.
7.) Let's use our server's private key (server.key) to sign our Certificate Signing Request (CSR), or you can create another private key to act as a Certificate Authority (CA). From there we can sign and create our own CRT (certificate):
shell> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Now we have a private key (server.key) and a signed certificate (server.crt).
8.) Let's move this private key and certificate to a location we can remember:
shell> sudo mkdir -p /usr/local/ssl/privatekeys /usr/local/ssl/certificates
shell> sudo mv server.key /usr/local/ssl/privatekeys/
shell> sudo mv server.crt /usr/local/ssl/certificates/
We can start installing Apache 2.
9.) Download Apache 2.
shell> wget http://www.takeyellow.com/apachemirror//httpd/httpd-2.2.19.tar.gz
shell> tar xzvf httpd-2.2.19.tar.gz
10.) Before installing, let's compare the md5 checksum of our package to the one from Apache.org so we can have a little peace of mind that the integrity of the source files has not been compromised:
shell> md5sum httpd-2.2.19.tar.gz
e9f5453e1e4d7aeb0e7ec7184c6784b5  httpd-2.2.19.tar.gz
Compare that md5 with this: http://www.apache.org/dist/httpd/httpd-2.2.19.tar.gz.md5
If everything looks right, let's proceed with the installation.
11.) Install Apache 2 and enable SSL support:
shell> cd httpd-2.2.19
shell> sudo ./configure --prefix=/usr/local/lib/apache2 --enable-mods-shared=most --enable-ssl --with-ssl=/usr/local/lib/openssl
shell> sudo make
shell> sudo make install
12.) If everything went smoothly, let's add our private key and certificate to Apache:
shell> sudo vim /usr/local/lib/apache2/conf/extra/httpd-ssl.conf
13.) Look for the lines SSLCertificateFile "/usr/local/ssl/server.crt" and SSLCertificateKeyFile "/usr/local/ssl/server.key" and replace them with your own certificate and key locations.
Mine will be:
14.) Go to your Apache httpd.conf and uncomment the include for httpd-ssl.conf:
shell> sudo vim /usr/local/lib/apache2/conf/httpd.conf
15.) Make a soft link of apachectl then start Apache:
shell> sudo ln -s /usr/local/lib/apache2/bin/apachectl /usr/local/bin/
shell> sudo apachectl start
IMPORTANT: The above steps are just a fast walk-through and do not consider any security concerns in setting up Apache. Please research further on how to secure your web server properly.
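
Steps 2 and 10 compare checksums by eye. As an added example (not part of the original walkthrough), the shell functions below automate that comparison and return non-zero on a mismatch or an unreadable checksum file. It goes beyond the MD5 case by choosing md5sum, sha1sum or sha256sum from the digest length; the function names and the checksum-file layouts handled are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original walkthrough. Function names are
# hypothetical; the checksum-file layouts handled are assumptions.

# extract_digest FILE: print the first token that is 32, 40 or 64 hex digits,
# lowercased. Accepts "hash", "hash  name", "hash *name", "MD5(name)= hash".
extract_digest() {
    awk '{
        n = split(tolower($0), f, /[ \t=()*]+/)
        for (i = 1; i <= n; i++) {
            len = length(f[i])
            if (f[i] ~ /^[0-9a-f]+$/ && (len == 32 || len == 40 || len == 64)) {
                print f[i]; exit
            }
        }
    }' "$1"
}

# digest_tool HEX: pick the coreutils command from the digest length.
digest_tool() {
    case ${#1} in
        32) echo md5sum ;;
        40) echo sha1sum ;;
        64) echo sha256sum ;;
        *)  return 1 ;;
    esac
}

# verify_download TARBALL CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 when the inputs cannot be used.
verify_download() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "missing input file" >&2; return 2; }
    want=$(extract_digest "$2")
    tool=$(digest_tool "$want") || { echo "no usable digest in $2" >&2; return 2; }
    got=$("$tool" < "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK ($tool): $1"
    else
        echo "MISMATCH ($tool): $1" >&2
        echo "  expected $want" >&2
        echo "  actual   $got" >&2
        return 1
    fi
}

# Usage with the files from steps 1-2 (fetch the .md5 file first):
#   verify_download openssl-1.0.0d.tar.gz openssl-1.0.0d.tar.gz.md5 || exit 1
```

A matching checksum fetched over the same plain-HTTP channel as the tarball only detects corruption, which is why step 2 prefers GnuPG signatures.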