Para hacer pruebas con HTTPS sin disponer de un certificado ‘real’, se generan las correspondientes key y crt según se describe a continuación.

  • Generamos primero nuestra clave privada:

developer# /usr/local/ssl/bin/openssl genrsa -out developer.key 1024
Generating RSA private key, 1024 bit long modulus
………++++++
………++++++
e is 65537 (0x10001)

  • Crearemos el archivo de request para un certificado nuevo.

developer# /usr/local/ssl/bin/openssl req -new -key developer.key -out developer.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Barcelona
Locality Name (eg, city) []:Barcelona
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:Development Department
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

  • Firmamos el certificado con nuestro propio certificado (es una guarrada pero total, es para desarrollo):

developer# /usr/local/ssl/bin/openssl x509 -req -days 365 -in developer.csr -signkey developer.key -out developer.crt
Signature ok
subject=/C=ES/ST=Barcelona/L=Barcelona/O=My Company/OU=Development Department
Getting Private key

  • En el servidor Apache configuraremos dos líneas del archivo ssl.conf para que incluya los dos archivos generados:

SSLCertificateFile    /usr/local/apache/etc/ssl.crt/developer.crt
SSLCertificateKeyFile /usr/local/apache/etc/ssl.crt/developer.pem

  • Reiniciamos el servidor con ./apachetl -k startssl