Generating a SSL certificate for Apache

In Debian a trial SSL certificate is generated at the time of installation of the apache-ssl package. However this certificate is only valid for a month and you might want to access your server over SSL for a longer period ... without buying a real certificate.

You can do this by issuing the following command to invoke the same procedure that was run at the time of installation: dpkg-reconfigure apache-ssl

This will generate a new certificate, but again it'll be valid only for a month.

You can generate a custom certificate that is valid for a period of your choice by issuing the following commands:
cd /etc/apache-ssl
mv apache.pem apache_expired.pem
openssl req -x509 -newkey rsa:1024 -keyout server.key -out server.crt -days 1825 -nodes
cat server.key server.crt > apache.pem
chmod 0600 apache.pem
rm server.key server.crt
/etc/init.d/apache-ssl restart

This will generate a certificate valid for 1825 days (~5 years) and without a passphrase. It will also restart apache-ssl in the end.
If you omit the "-nodes" option during execution of openssl, then it will ask you for the passphrase at the time of certificate-generation ... and every time you start apache-ssl.