Just a note for commands to make and sign your own SSL keys without a password. Remeber to blank any passwords if your going to use this with Apache so you don't need to input the password when the Apache service starts each time. You can use the certs that you sign on things like pop3s and imaps servers also. You will get warning from mail clients if you sign your own certs but just accept the cert. It is still and encrypted connection.
Generate the private key. Keep this safe and back it up.
openssl genrsa -out server.key 1024
Generate certificate signing request. You have to answer some questions here. Just put in fake or real info it does not matte. The only box that really matters is the one called "Common Name". This is where you have to put the exact host and domain name in. Like for a mail server with the name mail.example.org you would put mail.example.org.
openssl req -new -key server.key -out server.csr
Sign the request ourselves
openssl x509 -req -days 7300 -in server.csr -signkey server.key -out server.crt