In addition to submitting your CSR to a commercial CA, you can always create a self-signed certificate. That is, you can be both the issuer and the subject of the certificate. Although this is not very useful for a commercial website, it will enable you to test your installation of mod_ssl or to have a secure web server while you wait for the official certificate from the CA. # ./usr/local/ssl/bin/openssl x509 -req \ -days 30 -in www.example.com.csr -signkey \ www.example.com.key -out www.example.com.cert You now need to copy your certificate www.example.com.cert (either the one returned by the CA or your self-signed one) to /usr/local/ssl/openssl/certs/ and your key to /usr/local/ssl/openssl/private/. Protect your key file by issuing the following command: # chmod 400 www.example.com.key |