Creating a HTTPS secured site is simple even for virtual domains, it only requires a small change to your Apache configuration and the creation of a SSL certificate. You can always buy a certificate but for our simple solution we will create our own.

You need to startup a Terminal and issue the following commands:

cd /etc/httpd
sudo openssl req -keyout privkey.pem -newkey rsa:2048 -nodes -x509 -days 365 -out certificate.pem

Answer the questions that appear as well as you can:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:your.securewebserver.tld
Email Address []:you@yourdomain.tld

The most important one is the ‘Common Name’, make sure that that is the same as the secure webserver name. The problem here is that if you want to use it for completely different domain names the end user will get a warning in his browser that it can’t match the certificate with the domain name. This certificate will be valid for a year (365 days).

Myself I use *.richard5.net and use subdomains (like mail.richard5.net and admin.richard5.net) to accommodate all my secure virtual needs.

This action should have created two files called ‘certificate.pem‘ and ‘privkey.pem‘.

Next we need to change our Apache configuration file called ‘/etc/httpd/httpd.conf

Make sure the following lines are uncommented:

LoadModule ssl_module modules/mod_ssl.so

Include /etc/httpd/extra/httpd-ssl.conf

Change the following lines in the configuration file ‘/etc/httpd/extra/httpd-ssl.conf‘.

SSLCertificateFile "/etc/httpd/server.crt"

SSLCertificateKeyFile "/etc/httpd/server.key"

into

SSLCertificateFile "/etc/httpd/certificate.pem"

SSLCertificateKeyFile "/etc/httpd/privkey.pem"

That’s it, now you can change any virtual domain into a HTTPS domain. If you want to change www.site1.com from the previous page into a secure HTTPS virtual server you just need to change the configuration for the site from the original:

<VirtualHost your.external.ip.address:80>
  DocumentRoot /Library/WebServer/Documents/site1.com
  ServerName www.site1.com
  ServerAdmin webmaster@site1.com
  ErrorLog logs/site1.com.error_log
  CustomLog logs/site1.com.access_log combined
</VirtualHost>

Into the secure version:

<VirtualHost your.external.ip.address:443>
  DocumentRoot /Library/WebServer/Documents/site1.com
  SSLEngine on
  ServerName www.site1.com
  ServerAdmin webmaster@site1.com
  ErrorLog logs/site1.com.error_log
  CustomLog logs/site1.com.access_log combined
</VirtualHost>

Please note, this is a simple way to achieve security for personal domains. If the Common name from the creation of the certificate does not match the domain name in the browser the end user will get a warning from the browser stating that it can’t match the certificate with the domain. If the user however accepts this warning he/she will still have a secure connection over SSL. You can only get this working “officially” if all your virtual domains have a different ip-address which is usually impossible (or very expensive) when running a server from your home broadband connection.