SSL:
http://www.freebsd.org/doc/de_DE.ISO8859-1/books/handbook/openssl.html
http://www.modssl.org/docs/2.7/ssl_faq.html#ToC24

Make sure OpenSSL is really installed and in your PATH. But some commands even work ok when you just run the ``openssl''
program from within the OpenSSL source tree as ``./apps/openssl''.

Schritt 1

Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 2048
(ohne pwd)
$ openssl genrsa -out server.key 2048

Achtung

Beim Starten fragt der WebServer die KEY-Files ab und wenn wein Passwort bei der Erstellung verwendet wurde, so muss dieses bei jedem Start des Webserver eingegebn werden!

Please backup this server.key file and remember the pass-phrase you had to enter at a secure location.
You can see the details of this RSA private key via the command:
$ openssl rsa -noout -text -in server.key

And you could create a decrypted PEM version (not recommended) of this RSA private key via:
$ openssl rsa -in server.key -out server.key.unsecure

Schritt 2

Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr

Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName",
i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here.
You can see the details of this CSR via the command
$ openssl req -noout -text -in server.csr

openssl genrsa -out server.key 2084
openssl req -new -key Server.key -out .server.csr
openssl x509 -req -days 7300 -in .server.csr -signkey server.key -out server.crt

Anmerkung:
7300 days = 20 Jahre (365*20)