====== Generate a self-signed certificate ======
https://wiki.centos.org/HowTos/Https
Setting up an SSL secured Webserver with CentOS
Install the mod_ssl and openssl packages
Generate private key
root@ubuntu:~# openssl genrsa -out ca.key 2048
Generate CSR
root@ubuntu:~# openssl req -new -key ca.key -out ca.csr -subj "/C=LU/ST=Luxembourg/L=Luxembourg/O=Global Security/OU=IT Department/CN=example.com"
The fields required in the CSR are listed below:
^Field^ Meaning^ Example^
|/C= | Country |LU|
|/ST=| State |Luxembourg|
|/L= | Location |Luxembourg|
|/O= |Organization |Global Security|
|/OU= |Organizational Unit |IT Department|
|/CN= |Common Name |example.com|
Generate the self-signed certificate
root@ubuntu:~# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=LU/ST=Luxembourg/L=Luxembourg/O=Global Security/OU=IT Department/CN=example.com
Getting Private key
Copy the files to the correct locations
root@ubuntu:~# cp ca.crt /etc/pki/tls/certs
root@ubuntu:~# cp ca.key /etc/pki/tls/private/ca.key
root@ubuntu:~# cp ca.csr /etc/pki/tls/private/ca.csr
In /etc/httpd/conf.d/ssl.conf, change the paths to match where the certificate and key files are stored:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Save the file, quit the editor, and then restart Apache:
/etc/init.d/httpd restart
You should now be able to connect to your server over https and see a default CentOS page. Because the certificate is self-signed, browsers will generally ask whether you want to accept it.
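Before restarting Apache it helps to confirm that ca.crt really belongs to ca.key and that the private key is not readable by other users. The script below is an added example, not part of the original how-to; the function name check_tls_pair, its return codes and the 30-day expiry threshold are assumptions of this example, and the permission check relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: check a certificate/key pair before pointing Apache at it.
# Return codes (this example's own convention):
#   0 ok, 1 cert/key mismatch, 2 key accessible to group/other, 3 expiring soon
check_tls_pair() {
    cert=$1 key=$2 min_days=${3:-30}   # 30-day default is an assumption

    # 1. The public key in the certificate must equal the one derived from
    #    the private key; mod_ssl rejects a mismatched pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "MISMATCH: $cert vs $key" >&2; return 1; }

    # 2. The private key must carry no group/other permission bits.
    #    A key written under the default umask (022) ends up 0644.
    mode=$(stat -c %a "$key")          # GNU coreutils stat
    case $mode in
        *00) ;;
        *) echo "LOOSE PERMISSIONS: $key is mode $mode, use chmod 600" >&2; return 2 ;;
    esac

    # 3. -checkend N fails if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "EXPIRING: $cert has under $min_days days left" >&2; return 3; }

    echo "OK: $cert matches $key (mode $mode)"
}

# Demo on a throwaway pair built with the page's own commands (constructed data).
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -key "$d/ca.key" -out "$d/ca.csr" -subj "/CN=example.com"
    openssl x509 -req -days 365 -in "$d/ca.csr" -signkey "$d/ca.key" \
        -out "$d/ca.crt" 2>/dev/null
    chmod 600 "$d/ca.key"
    check_tls_pair "$d/ca.crt" "$d/ca.key"; rc=$?
    rm -rf "$d"
    return $rc
}

# With two arguments, check the given files; otherwise run the demo.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
else
    demo
fi
```

Run against the installed files, it takes /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key as its two arguments.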
=== Setting up the virtual hosts ===
Just as you set VirtualHosts for http on port 80, so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this:
<VirtualHost *:80>
    <Directory /var/www/vhosts/yoursite.com/httpdocs>
    AllowOverride All
    </Directory>
    DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
    ServerName yoursite.com
</VirtualHost>
To add a sister site on port 443, you need to add the following at the top of your file:
NameVirtualHost *:443
and then a VirtualHost record something like this:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /var/www/vhosts/yoursite.com/httpsdocs>
    AllowOverride All
    </Directory>
    DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
    ServerName yoursite.com
</VirtualHost>
Restart Apache again using:
/etc/init.d/httpd restart