Face Check

* generate a private key for the server: openssl genrsa -aes256 -out privatekey.pem 2048
* generate a certificate: openssl req -new -x509 -days 365 -key privatekey.pem -out certificate.pem
* (on Windows) reference the OpenSSL config file: openssl req -config ..\conf\openssl.cnf -new -x509 -days 365 -key privatekey.pem -out certificate.pem

Fide Sed Cui Vide

* create a certificate request for the CA: openssl req -new -key privatekey.pem -out request.csr
* create the directory and copy the certificate: mkdir -p /etc/apache2/ssl; cp *.pem /etc/apache2/ssl

Components

* as root, enable mod_ssl: a2enmod ssl
* add a section to the configuration: Listen 443

Spoiled for Choice

* SSL directive example: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
* possible combinations of algorithms: openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
* discover the available hardware accelerators: openssl engine
* choose an accelerator (e.g., rsax here): SSLCryptoDevice rsax
* set up a cache for the session data: SSLSessionCache dbm:/tmp/cachefile

Roll the Dice

* random values from a file, such as from /dev/random in Linux: SSLRandomSeed connect file:/dev/random
* retrieve a random number on starting the web server: SSLRandomSeed startup exec:/bin/myprg
* random values from a network socket in Unix: SSLRandomSeed startup egd:/path/to/socket
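
Added example (not from the original page): the openssl ciphers -v command under Spoiled for Choice prints one line per suite that a cipher string enables, and this Python script parses that output and reports the suites that are SSLv2, export-grade, unauthenticated, or built on RC4, a 64-bit block cipher, a short key or an MD5 MAC. The sample lines are constructed, and the function names are this example's own.

```python
# Constructed sample in the column layout printed by `openssl ciphers -v`;
# real output depends on the installed OpenSSL build.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
"""

def parse_line(line):
    """Split one line into name, protocol, KEY=value fields and bare flags."""
    parts = line.split()
    if len(parts) < 6:
        return None  # blank line or unexpected format
    rest = parts[2:]
    suite = {"name": parts[0], "proto": parts[1],
             "flags": [p for p in rest if "=" not in p]}
    suite.update(p.split("=", 1) for p in rest if "=" in p)
    return suite

def weaknesses(suite):
    """Return the reasons a suite should not be offered (empty if none)."""
    # Enc looks like "AES(256)" or "None": split cipher name from key bits.
    algo, _, bits = (suite.get("Enc") or "None").rstrip(")").partition("(")
    checks = [
        (suite["proto"] == "SSLv2", "SSLv2 suite"),
        ("export" in suite["flags"], "export-grade"),
        (suite.get("Au") == "None", "unauthenticated key exchange"),
        (algo == "None", "no encryption"),
        (algo == "RC4", "RC4"),
        (algo in ("DES", "3DES", "RC2", "IDEA"), "64-bit block cipher"),
        (bits.isdigit() and int(bits) < 128, "key under 128 bits"),
        (suite.get("Mac") == "MD5", "MD5 MAC"),
    ]
    return [reason for hit, reason in checks if hit]

def audit(text):
    """Map each weak suite name to its list of reasons."""
    suites = filter(None, map(parse_line, text.splitlines()))
    return {s["name"]: why for s in suites if (why := weaknesses(s))}

if __name__ == "__main__":
    for name, why in audit(SAMPLE).items():
        print(f"{name:15} {', '.join(why)}")
```

To audit a configured string, replace SAMPLE with the text captured from the openssl ciphers -v command for that string.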