These instructions work with Debian's apache-ssl package. (I think that's _not_ mod-ssl)
First, generate a server key:
openssl genrsa -out my.domain.com.key 2048
This file should be chmodded to 0400. You should also make a backup of this file in a safe place.
This will create a key without a passphrase. If you want a passphrase, add -des3 after genrsa. If you do this, you will need to type in the passphrase every time you restart your webserver.
Next, generate the CSR:
openssl req -new -key my.domain.com.key -out my.domain.com.csr
It will ask you several questions. The critical one is "Common Name (eg Your Name)". The correct answer to that is the full name of your webserver (e.g. www.slg.org or ssl.waldetech.ca). Don't add https://
You can verify the info in the CSR:
openssl req -noout -text -in my.domain.com.csr
Send the CSR file to your CA. (At GoDaddy, you paste it into a box on their website. IIRC, GeoTrust was the same.)
Your CA should send you back a certificate file (.cer). Place that file on your webserver and chmod it to 0400.
Add these lines to your apache-ssl/http.conf file:
SSLCertificateFile /etc/apache-ssl/my.domain.com.cer
SSLCertificateKeyFile /etc/apache-ssl/my.domain.com.key
Restart your webserver and you should be good to go.
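Before restarting, it is worth confirming that the certificate the CA returned belongs to the key generated in the first step and that both files have the 0400 mode described above. The script below is an added example, not part of the original instructions. Its function names are hypothetical, and its demo uses a throwaway self-signed certificate in a temporary directory as a constructed stand-in for the CA-issued file.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restart checks for the
# key, CSR and certificate files produced by the steps above.

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|cert, $2 = file
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# Return 0 only if the cert (and CSR, if given) carry the key's public key
# and the key and cert files are exactly mode 0400.
check_install() {  # $1 = key, $2 = cert, $3 = CSR (optional)
    key_pub=$(pubkey_of key "$1") && [ -n "$key_pub" ] || return 1
    [ "$(pubkey_of cert "$2")" = "$key_pub" ] ||
        { echo "certificate does not match key" >&2; return 1; }
    if [ -n "$3" ]; then
        [ "$(pubkey_of csr "$3")" = "$key_pub" ] ||
            { echo "CSR does not match key" >&2; return 1; }
    fi
    for f in "$1" "$2"; do
        # find prints the path only when the mode is exactly 0400
        [ -n "$(find "$f" -perm 400 -print)" ] ||
            { echo "$f is not mode 0400" >&2; return 1; }
    done
}

# Constructed demo data: a throwaway key, CSR and self-signed certificate
# stand in for the real files (the subject name is a placeholder).
make_demo() {  # $1 = directory, $2 = base name
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.cer" 2>/dev/null
    chmod 0400 "$1/$2.key" "$1/$2.cer"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir" my.domain.com
check_install "$demo_dir/my.domain.com.key" "$demo_dir/my.domain.com.cer" \
    "$demo_dir/my.domain.com.csr" && echo "files are consistent; OK to restart"
rm -rf "$demo_dir"
```

With a passphrase-protected key (the -des3 option), openssl will prompt for the passphrase when the key is read.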