How to enable HTTPS on your web server
Enabling HTTPS provides an encrypted connection between the user's browser and the server, so data passing back and forth cannot be read by third parties who intercept it. This is particularly useful for data collection and login processes.
- Create a new directory and go there to work:
mkdir /root/Certs ; cd $_
- Create a CA key or import the EWEA CA key. If creating one from scratch, use:
openssl genrsa -out ca.key 2048
- Generate a Certificate Signing Request (CSR):
openssl req -new -key ca.key -out ca.csr
- Create a self-signed certificate for the local machine from the CSR:
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out <servername>.crt
- Create the following folders if they don’t exist:
mkdir -p /etc/httpd/ssl/certs /etc/httpd/ssl/private
- Copy the certificate and key files to the following folders:
cp -a <servername>.crt /etc/httpd/ssl/certs/ ; cp -a ca.* /etc/httpd/ssl/private/
- Edit the Apache config to use the new certificate:
vi /etc/httpd/conf.d/ssl.conf
- Find and edit these two lines:
SSLCertificateFile /etc/httpd/ssl/certs/<servername>.crt
SSLCertificateKeyFile /etc/httpd/ssl/private/ca.key
- Make sure the firewall is open:
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
- Restart the firewall and Apache:
service iptables restart && service httpd restart
- Go to https://<servername> and see if it works!
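If the site does not come up, or as a routine check after installation, confirm that the certificate and key named in ssl.conf belong together, that the certificate is not close to expiry, and that the key file is not readable by group or other. The script below is an added example, not part of the original article; the function names, the server.example CN and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate and key installed above.

# Constructed sample input: a throwaway key and self-signed certificate made
# with the page's own openssl commands (-subj avoids the interactive prompts).
make_sample_pair() {   # $1 = directory, $2 = validity in days
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/ca.key" -subj "/CN=server.example" -out "$1/ca.csr" &&
    openssl x509 -req -days "$2" -in "$1/ca.csr" -signkey "$1/ca.key" \
        -out "$1/server.crt" 2>/dev/null
}

# True if the certificate carries the public half of the given private key.
cert_matches_key() {   # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True if group and other have no permissions on the private key file.
key_is_private() {   # $1 = private key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks and report each failure; returns non-zero on any failure.
check_tls_pair() {   # $1 = certificate, $2 = private key
    rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: certificate does not match key"; rc=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    key_is_private "$2"         || { echo "FAIL: key readable by group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass all checks"
    return "$rc"
}

# With two arguments, check those files, e.g. the paths set in ssl.conf.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Run it with the certificate path and key path from ssl.conf as its two arguments; a key that fails the permission check can be fixed with chmod 600.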
More information here:
wiki.centos.org/HowTos/Https
www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-centos-6
Multiple virtual hosts examples here:
http://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm