CAcert

Here are my notes on how to get HTTPS connections working on your *.domain.com name-based virtual hosts using Apache 2 and https://www.cacert.org/. This is not SNI! See http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI for that.
  • Generate your CSR (Certificate Signing Request) using the commands below. Hit Enter on every prompt except "Common Name", where you enter *.domain.com


openssl genrsa -out privkey.pem 4096
openssl req -new -key privkey.pem -out cert.csr
cat cert.csr


  • Log in to CAcert.org
  • After verifying your domain, add a server cert and paste in the contents of cert.csr


  • Put your new cert and the privkey together in one file: append the key, then paste the cert into the same file


cat privkey.pem >> asterisk.domain.com.pem
vi asterisk.domain.com.pem


  • Edit the Apache config


cd /etc/apache2/mods-enabled/
ln -s ../mods-available/ssl.conf ssl.conf
ln -s ../mods-available/ssl.load ssl.load

vi /etc/apache2/sites-available/default

  • Duplicate your *:80 entries with the following changes


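NameVirtualHost *:443
<VirtualHost *:443>
        # ... the directives copied from your *:80 entry go here ...
        SSLEngine on
        # This one file holds both the certificate and the private key
        SSLCertificateFile /etc/apache2/cacert.org/asterisk.domain.com.pem
</VirtualHost>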



/etc/init.d/apache2 restart
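
An added check, not part of the original notes: it confirms that the combined file holds a key and certificate that belong together, that only its owner can read it, and which host names the wildcard actually covers. The function names are illustrative, and a throwaway self-signed certificate stands in for the one CAcert issues.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.

# covers PEM HOST: succeed if the certificate in PEM is valid for HOST.
# When the certificate has no subjectAltName, openssl falls back to Common Name.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# check_combined_pem PEM: 0 = ok, 1 = key or certificate missing,
# 2 = key does not belong to the certificate, 3 = readable by group/others.
check_combined_pem() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 2
    [ "$(ls -lL "$1" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# make_demo_pem DIR: constructed sample input. A throwaway self-signed
# certificate stands in for the CAcert-issued one; 2048 bits keeps it fast.
make_demo_pem() {
    ( cd "$1" || exit 1
      umask 077
      openssl genrsa -out privkey.pem 2048 2>/dev/null
      openssl req -new -x509 -key privkey.pem -subj '/CN=*.domain.com' \
          -days 1 -out cert.pem 2>/dev/null
      cat privkey.pem cert.pem > asterisk.domain.com.pem
      openssl genrsa -out other.pem 2048 2>/dev/null
      cat other.pem cert.pem > mismatch.pem )
}

demo() {
    dir=$(mktemp -d) && make_demo_pem "$dir" || return 1
    pem=$dir/asterisk.domain.com.pem
    rc=0; check_combined_pem "$pem" || rc=$?; echo "combined file: $rc"
    rc=0; check_combined_pem "$dir/mismatch.pem" || rc=$?; echo "wrong key: $rc"
    for h in www.domain.com domain.com a.b.domain.com; do
        if covers "$pem" "$h"; then echo "$h covered"; else echo "$h NOT covered"; fi
    done
    rm -rf "$dir"
}

demo
```

The wildcard matches exactly one label, so a vhost for the bare domain.com or for a.b.domain.com is not covered by this certificate.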


  • Importing the CAcert.org for Chromium and Firefox did not work quite right for me. They still prompted invalid cert.

sudo apt-get install ca-certificates libnss3-tools
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org" -i /usr/share/ca-certificates/cacert.org/cacert.org.crt
firefox /usr/share/ca-certificates/cacert.org/*.crt
