Here is a rough outline of how to get Apache2 SSL working. I agree that the package could be more SSL friendly out of the box. I came here to file a bug myself ;-).

Steps:

1. Have Apache working without SSL!

2. Generate your SSLCertificateFile and SSLCertificateKeyFile files. I used the newcert-ca.sh script at http://www.openssl.org/contrib/ . If you go this route be sure to read the script before you start running it so that you understand what you are doing. You will run it one time to create a CA and a second time calling that CA to create the files for your server.

3. Copy the .key and .cert over to the /etc/apache2/ssl/ directory so that they are easy to get to.

4. Copy your sites-available/default file and call it default-ssl. ***Including this file already set up is something that the APACHE2 .deb could be doing at install time.***

5. Edit your new default-ssl as follows. The first two lines you will just edit what is there. The stuff inside the # SSL STUFF + bars will be inserted after the <VirtualHost *:443> line:

    NameVirtualHost *:443
    <VirtualHost *:443>
    # SSL STUFF (START) ++++++++++++++++++++++++++++++++++++++++++++++++++++
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server_cert_name_httpsd.cert
    SSLCertificateKeyFile /etc/apache2/ssl/server_key_name_httpsd.key
    # see http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html for the meaning of below.
    # The following enables only the seven strongest ciphers.
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    # SSL STUFF (END) +++++++++++++++++++++++++++++++++++++++++++++++++++++++

6. Run "a2enmod" and make sure that ssl is enabled.

7. Make sure the ports.conf line contains both a "Listen 80" and a "Listen 443" line.

8. Test your setup by running "apache2 -D SSL -S". The results should look something like these below:

    littleguy:/etc/apache2/sites-enabled# apache2 -D SSL -S
    apache2: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    *:443                  is a NameVirtualHost
             default server 127.0.0.1 (/etc/apache2/sites-enabled/default-ssl:2)
             port 443 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/default-ssl:2)
    *:80                   is a NameVirtualHost
             default server 127.0.0.1 (/etc/apache2/sites-enabled/default:2)
             port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/default:2)
    Syntax OK

9. "/etc/init.d/apache2 restart" and then go test your SSL (and nonSSL) pages.

Debian Apache Maintainers -- Could y'all include at least a sample default-ssl file and some terse documentation in the README?

Thanks,
Sam
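
An added example, not part of the original message and not Debian's or Apache's own tooling: a small linter that reads a default-ssl vhost like the one in step 5 and reports which legacy protocols and cipher classes the SSLProtocol and SSLCipherSuite lines still admit. The function names and the policy (flag SSLv2, SSLv3 and any non-HIGH cipher class) are assumptions made for this sketch.

```python
# Added example, not from the original post; the policy (flag SSLv2/SSLv3 and
# non-HIGH cipher classes) is an assumption. HARDENED is a constructed variant.
SAMPLE = """\
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server_cert_name_httpsd.cert
SSLCertificateKeyFile /etc/apache2/ssl/server_key_name_httpsd.key
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
</VirtualHost>
"""
HARDENED = (SAMPLE.replace("SSLProtocol all", "SSLProtocol all -SSLv2 -SSLv3")
            .replace("HIGH:MEDIUM", "HIGH:!aNULL"))
WEAK_CIPHERS = {"MEDIUM", "LOW", "EXP", "EXPORT", "NULL", "eNULL", "aNULL"}

def parse_directives(text):
    """Map lowercased directive name -> argument string (last one wins)."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "<")):
            parts = line.split(None, 1)
            found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def protocol_enabled(spec, proto):
    """Tokens apply left to right: '+x' adds, '-x' removes, bare 'x' replaces."""
    state = False
    for tok in spec.lower().split():
        hit = tok.lstrip("+-") in ("all", proto.lower())
        if tok[0] not in "+-":
            state = hit              # bare token replaces the whole set
        elif hit:
            state = tok[0] == "+"    # signed token for this protocol
    return state

def audit_vhost(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    d, findings = parse_directives(text), []
    if d.get("sslengine", "").lower() != "on":
        findings.append("SSLEngine is not on")
    for key in ("sslcertificatefile", "sslcertificatekeyfile"):
        if not d.get(key):
            findings.append(key + " is not set")
    for proto in ("SSLv2", "SSLv3"):  # absent SSLProtocol treated as 'all' (assumption)
        if protocol_enabled(d.get("sslprotocol", "all"), proto):
            findings.append("SSLProtocol does not exclude " + proto)
    for tok in d.get("sslciphersuite", "").split(":"):
        if tok.lstrip("+") in WEAK_CIPHERS:
            findings.append("SSLCipherSuite admits " + tok.lstrip("+"))
    return findings
```

Calling audit_vhost(SAMPLE) lists three findings for the settings in step 5, while audit_vhost(HARDENED) returns an empty list.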