
Step one - create the key and request (with the default openssl.cnf, the new private key is written to privkey.pem):

 openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

 openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

 openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

 SSLCertificateFile /path/to/certs/new.cert.cert
 SSLCertificateKeyFile /path/to/certs/new.cert.key

create a client certificate

Step one - create a CA certificate/key pair, as above.

Step two - sign the client request with the CA key:

 openssl x509 -req -in client.cert.csr -out client.cert.cert -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - issue the file 'client.cert.cert' to the requester.

The Apache-SSL directives that you need to validate against this cert are:

 SSLCACertificateFile /path/to/certs/my.CA.cert
 SSLVerifyClient 2
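
The client-certificate procedure above, run non-interactively in a scratch directory and checked with `openssl verify` (an added example, not part of the original page). Subject names, the 2048-bit key size, the minimal config file, the explicit serial file and the `basicConstraints` extension on the CA certificate are assumptions added so the chain verifies on current OpenSSL releases; the other file names follow the page.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# subject names, key size and the config file are constructed assumptions.

# build_pki DIR: CA pair, client key + request, CA-signed cert, self-signed control.
build_pki() {
    d=$1
    # Minimal config so the run does not depend on the system openssl.cnf.
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
    # CA key and request; -nodes skips the passphrase (the optional step two).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=Example Test CA" -keyout "$d/my.CA.key" -out "$d/my.CA.csr" &&
    # Self-sign the CA request and mark the result as a CA certificate.
    openssl x509 -req -in "$d/my.CA.csr" -out "$d/my.CA.cert" -signkey "$d/my.CA.key" \
        -extfile "$d/openssl.cnf" -extensions ca_ext -days 365 &&
    # Requester side: the private key never leaves the requester, only the CSR does.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=example-client" -keyout "$d/client.cert.key" -out "$d/client.cert.csr" &&
    # CA side: sign the client request with the CA key.
    openssl x509 -req -in "$d/client.cert.csr" -out "$d/client.cert.cert" -days 365 \
        -CA "$d/my.CA.cert" -CAkey "$d/my.CA.key" -CAserial "$d/my.CA.srl" -CAcreateserial &&
    # Control: the same request self-signed with the client's own key, no CA involved.
    openssl x509 -req -in "$d/client.cert.csr" -out "$d/selfsigned.cert" \
        -signkey "$d/client.cert.key" -days 365
}

# chains_to_ca CA_CERT CERT: succeed only if CERT verifies against CA_CERT.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Demo: the CA-signed cert is accepted, the self-signed control is rejected.
work=$(mktemp -d) && build_pki "$work" >/dev/null 2>&1 &&
for c in client.cert.cert selfsigned.cert; do
    if chains_to_ca "$work/my.CA.cert" "$work/$c"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
rm -rf "$work"
```

Running the same `openssl verify -CAfile my.CA.cert client.cert.cert` check before issuing the file to the requester confirms that the server configured with `SSLCACertificateFile` will be able to build the chain.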