#1. Installer OpenSSL :

sudo apt-get update
sudo apt-get install openssl

#2. Configurer la CA :

mkdir -p ~/myCA
mkdir -p ~/myCA/csr
cd ~/myCA
mkdir certs crl newcerts private
chmod 700 private
touch index.txt
echo 1000 > serial

#3. Créer la clé privée de la CA :

openssl genpkey -algorithm RSA -out private/ca.key

#4. Créer le certificat de la CA:

openssl req -new -x509 -key private/ca.key -out certs/ca.crt -days 3650 -subj "/C=FR/ST=Nouvelle-Aquitaine/L=Niort/O=MyCA/OU=IT/CN=univ-poitiers.local"

#5. Créer une demande de certificat (CSR) pour le serveur Apache:

openssl genpkey -algorithm RSA -out private/apache.key
openssl req -new -key private/apache.key -out csr/apache.csr -subj "/C=FR/ST=Nouvelle-Aquitaine/L=Niort/O=MyServer/OU=IT/CN=univ-poitiers.fr"


#6. Signer le certificat du serveur Apache avec la CA :

openssl ca -in /tmp/apache.csr -out /tmp/apache.crt -days 365 -batch -config <(cat <<EOF
[ ca ]
default_ca = CA_default

[ CA_default ]
dir = /home/ubuntu/myCA
certs = \$dir/certs
crl_dir = \$dir/crl
new_certs_dir = \$dir/newcerts
database = \$dir/index.txt
serial = \$dir/serial
private_key = \$dir/private/ca.key
certificate = \$dir/certs/ca.crt
default_days = 365
default_md = sha256
policy = policy_anything

[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
)

#7. Configurer Apache pour utiliser le certificat:

<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile /home/ubuntu/myCA/certs/apache.crt
    SSLCertificateKeyFile /home/ubuntu/myCA/private/apache.key
    SSLCertificateChainFile /home/ubuntu/myCA/certs/ca.crt

    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

#8. Redémarrer Apache:

sudo systemctl restart apache2