Install SSL CA Certificate

openssl genrsa -out example.com.key 2048
 
openssl req -new -key example.com.key -out example.com.csr \
-subj "/C=DE/ST=NRW/L=Cologne/O=My Inc/OU=IT/CN=192.168.1.1/emailAddress=webmaster@example.com"
 
mv example.com.crt /etc/ssl/certs/
mv example.com.key /etc/ssl/private/
 
 
https://www.startssl.com/
Express Lane
Register...
Create certificate...
openssl req -new -key /etc/ssl/private/example.com.key -out /root/example.com.csr
cat /root/example.com.csr
Save as:
example.com.crt
 
wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O /etc/ssl/certs/sub.class1.server.ca.pem
 
cp /etc/apache2/sites-available/default-ssl /root/
 
vi /etc/apache2/sites-available/default-ssl
# OPTIONAL: configure virtualhost
# SSLCertificateFile /etc/ssl/certs/example.com.crt
# SSLCertificateKeyFile /etc/ssl/private/example.com.key
# SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
 
sed -i 's|/etc/ssl/certs/ssl-cert-snakeoil.pem|/etc/ssl/certs/example.com.crt|g' /etc/apache2/sites-available/default-ssl
sed -i 's|/etc/ssl/private/ssl-cert-snakeoil.key|/etc/ssl/private/example.com.key|g' /etc/apache2/sites-available/default-ssl
sed -i 's|#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt|SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem|g' /etc/apache2/sites-available/default-ssl
 
a2enmod ssl
a2ensite default-ssl
 
/etc/init.d/apache2 restart
 
Save your browser certificate
https://www.startssl.com/?app=25#4
 
# view certificate details
openssl x509 -noout -text -in /etc/ssl/certs/example.com.crt
 
# Link
http://www.heise.de/security/artikel/SSL-fuer-lau-880221.html