TLA reader Drew Dressler saw the instructions posted on this site on using a Windows CA to generate an SSL certificate for an Apache web server. He has another method he wanted to share that he uses to do the same thing. These instructions assume you have Apache 2.x running on a Linux box with a 2.6 kernel or later, with mod_ssl installed and properly configured, and that you are logged in as "root".
The need for this type of certificate arises in a Windows Active Directory domain where a CA (Certificate Authority) exists. This setup will fix the Internet Explorer 7 error you get when browsing internal or "Intranet" web hosts running Linux/Apache2 that are authenticated to Active Directory. After installing the certificate into Apache, authenticated users will no longer see "There is a problem with this website's security certificate". Open up a terminal on the Linux server and run the following commands:
~ # cd /etc/apache2/ssl
ssl # openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
..++++++
e is 65537 (0x10001)
ssl # chmod 640 server.key
ssl # openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you enter '.', the field will be left blank.
-----
Country Name (2 letter code):US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Sales and Marketing
Common Name (eg, YOUR name) []:sales.yourcompany.com (this must match the hostname people type to get to your secure web page; if it does not, users will get a certificate error)
Email Address []:sales@yourcompany.com
-----
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:LEAVE BLANK
An optional company name []:LEAVE BLANK
Now we need to view or download the certificate request. The easiest way is to view it and copy and paste the text.
ssl # cat server.csr
A typical certificate request will look like the following, and you need to copy everything including the BEGIN and END lines:
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
Open up your certserv window. You will need to be on the Windows CA; by default you will not be able to do this from a client.
https://localhost/certserv
Click the "Request a certificate" dot and click Next.
Click the "Advanced request" dot and click Next.
Click the "Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file" dot, then click Next.
Paste the code into the box labeled "Base64 Encoded Certificate Request", then click Next.
"DER encoded" is already selected; click the "Download CA certificate" link and save the file locally.
SCP or SFTP the file to your Linux box, then mv it to your ssl directory. Open up the terminal on the Linux server again and run the following commands.
~ # mv server.cer /etc/apache2/ssl/server.cer
~ # cd /etc/apache2/ssl
ssl # chmod 640 server.cer
ssl # openssl x509 -in server.cer -inform d -out server.pem
ssl # chmod 640 server.pem
ssl # chown root:apache server.* (this, combined with chmod 640, allows only root to edit these files and only the apache group to read them)
Now edit your ssl_vhost.conf for Apache2 and add or edit this line:
SSLCertificateFile conf/ssl/server.pem
ssl # /etc/init.d/apache2 restart
That should take care of it!
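As an added example that is not part of the original post, the following shell script automates the key and CSR steps above and adds the checks worth running on the certificate the CA returns before restarting Apache: that the private key actually matches the signed certificate, and that the Common Name is the hostname users will type. It assumes openssl is on the PATH and keeps the post's /etc/apache2/ssl layout and "apache" group; the hostname and DN values are the post's constructed ones.

```shell
#!/bin/sh
# Added example, not from the original post: scripts the key/CSR steps above and
# adds the checks worth running on the certificate the Windows CA hands back.
# Assumes openssl is on PATH and the post's /etc/apache2/ssl layout and "apache" group.
set -eu

# Generate the private key and CSR non-interactively, with the post's DN fields.
# The post used a 1024-bit key; 2048 is the minimum current browsers and CAs accept.
gen_key_and_csr() {
    host="$1"; dir="$2"
    ( umask 077                      # key is never world-readable, even briefly
      openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
      openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=California/L=Los Angeles/O=Your Company/OU=Sales and Marketing/CN=$host" )
}

# Convert the DER (.cer) file downloaded from the CA into PEM, as the post does.
der_to_pem() {
    openssl x509 -in "$1" -inform DER -out "$2"
}

# Return 0 only if the certificate's public key matches the private key, i.e. the CA
# signed the CSR generated here and not some other request.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Return 0 only if the certificate's CN is the hostname users will type, the mismatch
# the post warns about. Current browsers also require the name in a subjectAltName
# extension, which the post's CSR does not set.
cn_matches_host() {
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$2" ]
}

# Apply the post's ownership scheme: root edits, the apache group only reads.
lock_down() {
    chown root:apache "$1"/server.* && chmod 640 "$1"/server.*
}

# Usage on the server (constructed hostname): generate, submit server.csr to the CA,
# then verify the returned server.cer before restarting Apache.
# gen_key_and_csr sales.yourcompany.com /etc/apache2/ssl
# der_to_pem /etc/apache2/ssl/server.cer /etc/apache2/ssl/server.pem
# key_matches_cert /etc/apache2/ssl/server.key /etc/apache2/ssl/server.pem && echo "key OK"
```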