Hi!
Even if I'm not the OP, this is a good guide... Cool.
On Sat, Jun 14, 2008 at 10:42:37AM -0700, Dustin Lundquist wrote:

quoted text
>[...]

>The process of setting up signed cert is as follows:

quoted text
>1. Generate your private key and secure file permissions (you want to do

>this in a secure fashion, i.e. on the box directly as a root or a

>private user). Guard this file: if it is compromised the security SSL

>provides is compromised.:

>openssl genrsa -out secure.example.com.key 4096

>chmod 400 secure.example.com.key

Before all that: umask 077, so there'll be no window of time when the

key will be group/world readable.
>[...]
>3. Send the CSR (you can open the file and copy and paste the contents

quoted text
>into an email, or the certificate authority's website) to the

>certificate authority along with what ever other documentation they

>require (there job is to verify you are who you are requesting a

>certificate for before signing the key, they usally require some proof

>of domain ownership and everything else you entered in step 2).

>4. You will then receive your signed certificate, you can either keep

quoted text
>the certificate in a separate file from your private key, or cat them

>together to make a .pem file: cat secure.example.com.key

>secure.example.com.cert > secure.example.com.pem; chmod 400

>secure.example.com.pem

>Configure apache to use your new cert and key:

>SSLCertificateFile /etc/ssl/secure.example.com.cert

>SSLCertificateKeyFile /etc/ssl/secure.example.com.key

> - or -

>SSLCertificateFile /etc/ssl/secure.example.com.key

Again, before the cat, use umask 077, for the same reason.
>Since apache is chrooted, have to restart it to read the new key and

quoted text
>certificate.

>Dustin Lundquist
Again, thanks for the cool explanations and step-by-step kind of guide.

Will probably be helpful for more than the original poster.
Kind regards,
Hannah.