Really just posting this here as a place to document what I did and maybe it might help someone else. Hopefully need it next year when the cert expires. Information is derived from http://www.akadia.com/services/ssh_test_certificate.html.
http://web2py.com/books/default/chapter/29/13 is the chapter that describes how to deploy web2py on an Apache server using windows. In the line, "Fourth, create server.crt and server.key certificates (as discussed in the previous section) and place them in the folder Apache2.2/conf. Notice the cnf file is in Apache2.2/conf/openssl.cnf." replace "as discussed in the previous section" with this procedure. Make sure C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin is in your PATH. Open a command window and change directory to C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf *Note: These commands are copied from my command window. Simply follow along changing the values on the appropriate prompt responses. Note that I have some Unix-like bat files that allow ">ls". (I Left the openssl.conf error in as to allow search engines to find it.)* C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>ls charset.conv httpd.conf.bak mime.types openssl.cnf extra httpd.conf~ mime.types.bak original httpd.conf magic C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>openssl genrsa -out server.key 1024 Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus ...............................++++++ ..................++++++ e is 65537 (0x10001) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>ls charset.conv httpd.conf.bak mime.types original extra httpd.conf~ mime.types.bak server.key httpd.conf magic openssl.cnf C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>openssl req -new -key server.key -out server.csr Unable to load config info from /usr/local/ssl/openssl.cnf C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>openssl req -new -key server.key -config openssl.cnf -out server.csr Loading 'screen' into random state - done You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:TX Locality Name (eg, city) []:Richardson Organization Name (eg, company) [Internet Widgits Pty Ltd]:TriQuint Semiconductor Organizational Unit Name (eg, section) []:Modeling Team Common Name (eg, YOUR name) []:modelingiscool.tqs.com Email Address []:bill dot thayer at tqs dot com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Loading 'screen' into random state - done Signature ok subject=/C=US/ST=TX/L=Richardson/O=TriQuint Semiconductor/OU=Modeling Team/CN=dfwmodeling01d.tqs.com/emailAddress=bill dot thayer at tqs dot com Getting Private key C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>ls charset.conv httpd.conf~ mime.types.bak server.crt extra magic openssl.cnf server.csr httpd.conf mime.types original server.key httpd.conf.bak C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf>
