This document was tested against version apache_2.2.11-win32-x86-openssl-0.9.8i.msi.
Open up a command prompt and change directory to where the apache binaries are located. This is because the bin directory is not added to your path by default.
cd c:\apps\apache2.2\bin
set the search path for the openssl.cnf file with the following:
set KEY_CONFIG=C:\apps\Apache2.2\conf\openssl.cnf or whereever your conf file is located.
now you can run the request for your key:
openssl genrsa -des3 -out name_of_your_certificate.key 1024
Openssl does not support pass phrases on the windows platform. Use this command to generate a key that has the pass phrase stripped out (where the file1 and file2 refers to your output file from above):
openssl rsa -in file1.key -out file2.key
Here you have to explicitly define the openssl.conf file.
openssl req -config c:/apps/apache2.2/conf/openssl.cnf -new -key www.mydomain.com.key -out www.mydomain.com.csr
The certicate vender will have a form for you to paste in the csr. This will be processed and the certificate will be either emailed or downloaded.
The vender in this test case asked for the following lines to be added to the openssl.cnf file:
SSLCertificateFile /apps/Apache2.2/conf/SSL/www.myserver.com.crt
SSLCertificateKeyFile /apps/Apache2.2/conf/SSL/www.myserver.com.key
SSLCertificateChainFile /apps/Apache2.2/conf/SSL/null
where www.myserver.com is the name of the server and /apps/Apache2.2/conf/SSL is the path the certificates.
SSLEngine on
"SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
SSLCertificateFile conf/SSL/www.myserver.com.crt
SSLCertificateKeyFile conf/SSL/www.myserver.com.key
Now with any luck, you should be able to restart apache and use https for this server name.