The A to Z of setting up a Linux box for secure local hosting
This guide has a lot of answers about using SSL with Apache, tells you how to create a self-signed certificate, how to get a proper certificate from a recognized certificate authority (CA) and how to create your own, untrusted CA to create a full certificate. http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
As for virtual hosts and SSL, each host will need its own IP address, or a dirtier solution is to host them on different ports than the standard :443. Due to the nature of SSL certificates, name-based virtual hosting does not get along with SSL, which is why you need another method to differentiate: differing ports/IPs.
Setting up SSH is pretty easy; it should be running on your server already. You will want to do a number of things to lock it down.

```
PermitRootLogin no
AllowGroups admins
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
```

This can be added to your `/etc/ssh/sshd_config` to restrict remote root access and remove password authentication, instead using public/private keypairs to log in.
To create your SSH keypair, you can use puttygen in Windows (http://putty.very.rulez.org/download.html), or you can create the keypair in a Linux environment like so: `ssh-keygen -b 2048 -t rsa -f my_keypair`. This will create a `my_keypair` file and a `my_keypair.pub` file (only named for this example; I might suggest naming for your username, or leaving off `-f` and letting it generate `~/.ssh/id_rsa`).
Securely transfer `my_keypair` to your workstation for future SSH access; this is the private key, and you should not share it with anyone. Then, on the server, create `$HOME/.ssh` if it does not already exist (`mkdir ~/.ssh`), then copy the public key (`my_keypair.pub`) to `~/.ssh/`. If you already have `authorized_keys` in `~/.ssh` because you've done this for other things, you can do `cat my_keypair.pub >> authorized_keys` to append your public key, or `cp my_keypair.pub authorized_keys` if it doesn't exist.
Now run `chmod 700 ~/.ssh` and `chmod 644 ~/.ssh/my_keypair.pub ~/.ssh/authorized_keys` to set permissions. You can keep a copy of `my_keypair` in `~/.ssh/` for use when connecting to other hosts, but you should do `chmod 600 ~/.ssh/my_keypair` to make sure no one else can access it.
You will want to add a normal user account for yourself, and add yourself to a group other than `users`, like `admins` in my example.
You will probably also want to add your user or group to `/etc/sudoers` to enable `sudo` usage, if you haven't already. This is accomplished with the command `visudo`, which is the only way you should edit this file. `visudo` runs error and syntax checking on your configuration before writing it out, preventing loss of `sudo` usage.
```
username ALL=(ALL) ALL
```

added to `/etc/sudoers` will allow `username` to run `sudo yum install blah` and will prompt you for your own password. This is handy in the event you have other administrators or temporary administrators: you don't need to share the root password.
The problem with your SSL config is that you've not actually enabled SSL; you'd need the Apache directives for that:

```
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
```

Without this you'll get those "record too long" errors; it's because instead of the SSL headers your browser was expecting, it's getting just the unencrypted web page in a big chunk.