In order to use HTTPS with your SourceForge install, you need to have a valid SSL certificate installed for Apache to use.
There are two kinds of certificates: self-signed and CA-signed. Self-signed certs are ones that you generate and authorize yourself, and they cost you nothing (though some browsers/applications will not like them much). A CA-signed certificate is authorized by a Certificate Authority (like Verisign). They can cost hundreds of dollars, but every browser/application recognizes the CA certificate.
In either case, you first have to generate a CSR, or certificate signing request, using the steps below:
You now have the private server key, and the csr. Whatever you do, do NOT lose the key! The csr and the resulting certificate will be tied to it and will not function if you lose it or try to replace it.
If you are getting an official CA-signed cert, you must provide them with the servername.csr file and they will reply with the cert.
If you are doing a self-signed cert, create it this way:openssl req -new -key servername.key -x509 -out servername.crtYou should now have all three pieces needed to make Apache use SSL.
NOTES: You should replace "servername" above with the real domain name of the server in question, e.g. sourceforge.mycompany.com. You also need to be very precise in answering the questions when generating the CSR. Most CA-signing companies will refuse it if the information is not correct. And finally, when building the CSR, it will ask for the common name. You should reply with the real domain name of the server, e.g. sourceforge.mycompany.com. This value will be built into the cert and, if incorrect, will cause browsers to complain that the cert doesn't match the hostname, meaning your users will have to acknowledge it every time.