http://hublog.hubmed.org/archives/001075.html
http://www.securityfocus.com/infocus/1820
1) generate private key and certificate signing request:
openssl genrsa -out example.org.key 2048 openssl req -new -key example.org.key -out example.org.csrThe keys must not be password protected, otherwise Apache will hang waiting for a password when it starts up.
2) verify .csr:
openssl req -in example.org.csr -noout -text
3) Verify signed Apache certificate
openssl verify -CAfile trusted_ca.crt -purpose sslserver example.org.certserver.crt