Generating a quick and dirty key

The commands below create a 2048-bit RSA key, a CSR, and a self-signed certificate valid for 60 days. This is not a complete procedure for setting up a proper certificate.

    # 1. Generate the private key
    openssl genrsa -out fqdn.website.key 2048
    # 2. Create a certificate signing request for that key
    openssl req -new -key fqdn.website.key -out fqdn.website.csr -subj '/C=US/ST=Oregon/L=Portland/O=OpenSourcery/CN=fqdn.hostname.com'
    # 3. Self-sign the request with the same key
    openssl x509 -req -days 60 -in fqdn.website.csr -signkey fqdn.website.key -out fqdn.website.pem

Placing keys/certs

* Name the key/csr/crt after the FQDN of the virtualhost (or mail server) it will serve: mail.opensourcery.com.crt, www.opensourcery.com.crt, etc.
* If more than one key/crt will be used on the server, create additional groups such as "sslweb" and "sslmail", and make each one the group of the corresponding files under the certs/private directories.

/etc/ssl/certs

    drwxr-xr-x 2 root root 8744 Jul 20 19:01 certs
    -rw-r--r-- 1 root root 1667 Jul 20 18:59 trillian.opensourcery.com.pem

/etc/ssl/private

    drwxr-x--- 2 root ssl 176 Jan 29 2006 private
    -r--r----- 1 root ssl 1139 Jul 4 2005 trillian.opensourcery.com.csr
    -r--r----- 1 root ssl 1679 Nov 27 2004 trillian.opensourcery.com.key

Make user www-data a part of the ssl group.

    ##
    # APACHE2
    #
    SSLEngine On
    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH
    SSLProxyEngine Off
    SSLCertificateKeyFile /etc/ssl/private/www.subtend.net.key
    SSLCertificateFile /etc/ssl/certs/www.subtend.net.pem

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        SSLRequireSSL
    </Directory>
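
The SSLProtocol and SSLCipherSuite values above enable SSLv3 and TLSv1, which have since been deprecated (RFC 7568, RFC 8996), and name the MEDIUM and MD5 cipher classes. The following is an added example, not part of the original page: a shell function (the name `audit_ssl_conf` and the "current baseline" directives in the sample are assumptions) that reports such settings in an Apache config.

```shell
#!/bin/sh
# Added example, not from the original page: audit mod_ssl directives for
# protocol versions and cipher classes that are now deprecated.
# Assumptions: a bare protocol token (no +/-) replaces the enabled set, and
# "all" is expanded conservatively to include every legacy version.

audit_ssl_conf() {   # reads a config on stdin or from file arguments
    awk '
    BEGIN { n = split("sslv3 tlsv1 tlsv1.1 tlsv1.2 tlsv1.3", P, " ") }
    /^[ \t]*#/ { next }                          # skip comment lines
    tolower($1) == "sslprotocol" {
        split("", on)                            # reset the enabled set
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") { t = substr(t, 2) }
            else { split("", on) }               # bare token: start over
            if (t == "all") { for (j = 1; j <= n; j++) on[P[j]] = (sign != "-") }
            else { on[t] = (sign != "-") }
        }
        for (j = 1; j <= 3; j++)                 # P[1..3] are deprecated
            if (on[P[j]]) { printf "line %d: SSLProtocol enables %s\n", NR, P[j]; bad++ }
    }
    tolower($1) == "sslciphersuite" {
        m = split($NF, c, ":")
        for (i = 1; i <= m; i++) {
            t = c[i]; sub(/^\+/, "", t)
            if (t ~ /^[!-]/) continue            # excluded classes are fine
            if (toupper(t) ~ /^(MD5|RC4|DES|3DES|LOW|MEDIUM|EXPORT|EXP|NULL|ENULL|ANULL)$/) {
                printf "line %d: SSLCipherSuite names weak class %s\n", NR, t; bad++
            }
        }
    }
    END { exit (bad > 0) }                       # status 1 when anything was found
    ' "$@"
}

# Constructed sample: the two directives from this page, then a current
# baseline (+TLSv1.3 needs an Apache build with OpenSSL 1.1.1 or later).
audit_ssl_conf <<'EOF' || true   # non-zero status only signals findings
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5
EOF
```

Run against a real file with `audit_ssl_conf /path/to/vhost.conf`; the function exits non-zero when it prints any finding, so it can gate a deployment script.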