I recently configured a Linux (Ubuntu) web server for SSL support. I had not done this for a long time, and had largely forgotten how. Here is the recipe and a fix to this problem.
Prologue: making your own SSL certificates
The easy solution to generating self-signed certificates needed for SSL is the the CA.pl perl script, which is included in the openssl installation tar ball. You can find it at
or else Google for "openssl-0.9.8 tar gz".
You need to generate suitable security keys (certificates) before you can use SSL. This can be accomplished using these steps from a suitable configuration directory:
perl CA.pl -newca
perl CA.pl -newreq
perl CA.pl -sign
You will have to answer various questions. The questions are stored locally, so the actual answers do not matter much, except for the domain name.
In particular, you should enter your server host name (e.g. www.dudek.org) when asked for a "common name".
This should produce the files newcert.pem and newkey.pem in the current directory.
Setting up Apache to use SSL
The apache2 configuration section for SSL then needs to use these keys with lines like:
Whoops: error -12227
After this I was getting the error in my log file
OpenSSL: Exit: error in SSLv3 read client certificate B
which leads to an error -12227 from Firefox when the site is accessed.
After searching Google I found other people complaining about this, but with no actual diagnosis. Well, I have the answer. Looking at the error logs, I found that it was due to having configured apache/ssl for client authentication without having provided suitable certificates (the detailed story is that apache needs to understand you are acting as your own certificate authority, and not depending on an external one).
Solution to error: SSLCACertificate
The fix is to change the line in the apache config file that reads:
to instead read
After that, it should all work.
CA.pl manual page: http://www.openssl.org/docs/apps/CA.pl.html
SSL configuration explanation:
Ubuntu instructions (good) which avoids using CA.pl:
More user's stories: