How to create a bunch of certs.
1) First, declare yourself a root cert authority:
Create an RSA private key for your CA (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out ca.key 1024
Back up this ca.key file to a secure location and remember the
pass-phrase you just entered. You can see the details of this RSA private
key via the command
$ openssl rsa -noout -text -in ca.key
And you can create a decrypted PEM version (not recommended) of this private key via:
$ openssl rsa -in ca.key -out ca.key.unsecure
Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted):
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
You can see the details of this Certificate via the command:
$ openssl x509 -noout -text -in ca.crt
2) Make a server key. We are going to use the same server key for all our certs
so we won't have one key file per domain.
$ openssl genrsa -des3 -out server.key 1024
3) If you want, make unsecure (i.e., no pass phrase) versions of these files
$ openssl rsa -in server.key -out server.key.unsecure
You end up with this:
# d
total 13
drwxrwx--- 3 root ca 1024 Mar 25 20:10 ./
drwxr-xr-x 22 root wheel 512 Feb 26 22:42 ../
drwxr-xr-x 2 root ca 512 Mar 25 19:39 ca.db.certs/
-rw-r--r-- 1 root ca 518 Mar 25 19:39 ca.db.index
-rw-r--r-- 1 root ca 3 Mar 25 19:39 ca.db.serial
-rw-r--r-- 1 root ca 887 Mar 25 19:25 ca.key
-rw-r--r-- 1 root ca 963 Mar 25 19:25 ca.key.secure
-rw-r--r-- 1 root ca 887 Mar 25 19:24 ca.key.unsecure
-rw-r--r-- 1 root ca 891 Mar 25 20:08 server.key
-rw-r--r-- 1 root ca 963 Mar 25 20:07 server.key.secure
-rw-r--r-- 1 root ca 891 Mar 25 20:08 server.key.unsecure
-rwxr-xr-x 1 root ca 1784 Mar 25 19:19 sign.sh*
4) Now go make CSRs for the domains you want certs for:
$ openssl req -new -key server.key -out server.csr
Where "server.csr" is replaced by the real domain, i.e. example.com.csr
5) Now sign 'em
$ ./sign.sh example.com.csr
You'll now have example.com.crt, just plug that into apache.conf
and restart and you're done.
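Before plugging a cert into Apache, it is worth checking that it really chains to ca.crt and carries the public half of the shared server key. The script below is an added example, not part of the original page; check_cert, pub_digest and make_demo are names made up here, and the demo data uses "openssl x509 -req" as a stand-in for sign.sh, whose contents the page does not show.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that a signed cert
# chains to ca.crt and carries the public half of the shared server key.

# SHA-256 of a PEM public key read on stdin, hashed in DER form.
pub_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_cert CERT KEY CA: prints ok, untrusted or key-mismatch.
# Assumption: KEY has no pass phrase (e.g. server.key.unsecure).
check_cert() {
    cert=$1 key=$2 ca=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo untrusted; return 1; }
    c=$(openssl x509 -in "$cert" -noout -pubkey | pub_digest)
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | pub_digest)
    [ "$c" = "$k" ] || { echo key-mismatch; return 1; }
    echo ok
}

# Constructed sample data: a throwaway CA and certs written to DIR.
# "openssl x509 -req" stands in for sign.sh, which the page does not show;
# 2048-bit keys and the subject names are choices made for this example.
make_demo() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 1 -key "$d/ca.key" -subj "/CN=Demo CA" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=example.com" -out "$d/example.com.csr"
    openssl x509 -req -in "$d/example.com.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/example.com.crt" 2>/dev/null
    # Self-signed cert for the same name that the demo CA never signed.
    openssl req -new -x509 -days 1 -key "$d/other.key" -subj "/CN=example.com" -out "$d/rogue.crt"
}

# "sh thisfile demo" runs the happy path on the constructed data.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_demo "$tmp"
    check_cert "$tmp/example.com.crt" "$tmp/server.key" "$tmp/ca.crt"
    rm -rf "$tmp"
fi
```

Against the files from the steps above, the call would be: check_cert example.com.crt server.key.unsecure ca.crt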