An SSL certificate functions as ID for your server. To get an SSL certificate, generate a certificate request using your private key and send the request to a certificate authority (CA), like VeriSign or Thawte. The CA will issue a signed certificate. To generate a certificate request follow the steps below:
Create your private key
Create the certificate request
Use the following command:
openssl req -new -key server.key -out server.csr
The CA will ask for more information about your organization and web site. Please give correct information to the best of your ability. When asked for the Common Name of your site, you can use commands such as nslookup, dig or host to look up the domain name you should use for this. For example, if the web site can be accessed via both
http://www.foo.bar, usually foo.bar should be used for the Common Name.