>1) Generate a key:
$ openssl genrsa -out www.example.com-key 2048
Generating RSA private key, 2048 bit long modulus
2) Generate a Certificate Sigining Request (CSR):
$ openssl req -new -key www.example.com-key -out
You are about to be asked to enter information that will be
into your certificate request.
What you are about to enter is what is called a Distinguished
Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:Greater London
Locality Name (eg, city) [Newbury]:London
Organization Name (eg, company) [My Company Ltd]:Acme Websites
Organizational Unit Name (eg, section) : <Leave blank>
Common Name (eg, your name or your server’s hostname)
Email Address : <Leave blank>
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password : <Leave blank>
An optional company name : <Leave blank>
3) Buy a certificate:
You can buy certificate from verisign, or thwate or such CA. What you need to do is goto website of these Certificate Authority and submit your csr file.
4) Setup an SSL Vhost: