There is how ever a short cut, given that you are using Apache, mod_ssl, openssl and Firefox.

We’re going to generate our own Certificate Authority (CA), this is CA is only going to work for us so if your generating a certificate for production, you’ll need to send your CSR to a proper CA such as VeriSign

Step1, Make a temporary folder we can work in.

Step2, generate our private key

You will be asked for a passphrase in the creation of this key. (just use 12345) or anything butdo not forget this passphrase! You’ll have to do this all over if you forget the passphrase. You will need this passphrase later on in the process.

Step3, generate a CSR from our private key

you’ll be asked for the following information:

Make sure you fill in `Common Name` with your domain you want this certificate for, this should match your apache vhost `ServerName` setting

Now, looking at the directory we’re working in, you should have the following:

Step4, create the private key for our CA

Again, you’ll be asked for a passphrase, which, again, you should not forget.

Step5, create CA certificate using the key we just made

You will be asked for similar information you were asked for when we make the web server certificate earlier; this information should be about you, enter something like the following

Now you will have 4 files your directory; server.key, server.csr, ca.key, ca.crt
Next is the important park, signing our certificate request.

The easiest way to do this is to use the sign.sh script contained in the mod_ssl source,
or you can get it here: sign.sh
copy the script to the working directory

Step6, make sign.sh executable and sign our CSR

you should get something like the following:

Answer ‘y’ to the question asking to Sign the certificate [y/n]

Step7, remove password requirement from server key

you be asked for the passphase

Step8, copy files to our webserver

Step9, add the configuration to your VirtualHost block listening on the SSL port 443

Step10, Tell apache to listen on 443
By default there is a file in /etc/apache2/extras called httpd-ssl.conf
this needs to edited and included in /etc/apache2/httpd.conf its commented out initially.

Depending where you are defining your VirtualHost blocks
Comment out or remove the _default_ virtualHost block in httpd-ssl.conf, this will cause errors when starting apache because we have no configured certificate for the example apache provites

Edit your httpd.conf to include the etc/httpd-ssl.conf file, scroll to the bottom the file, you’ll notice its commented out at around line #476

Just remove the # and move onto the next step

I use a seperate vhosts folder in extra, containing individual conf files for each virtualhost, they are included in the extra/httpd-vhosts.conf files using the following:

Include /private/etc/apache2/extra/vhosts/*.conf

Step10, restart apache

Step11, (a few steps in itself) Add our CA to Firefox so it think its a trusted authority
Go to Preferences (Cmd + ,)
Go to Advanced
Go to Encryption
Click ‘View Certificates’
Choose the ‘Authorities’ tab
Click ‘Import’
Hit Shift + Cmd + g to open the go to folder window
Enter ‘/etc/apache2/certs’ (You might be asked to authenticate with your system password)
Select the ca.crt file we generated earlier and click ‘Open’
Firefox will ask you:
Do you want to trust “My CA” for the following purposes?
Just select Trust this CA to identify websites
Click ‘OK’
Restart your browser

If you’ve followed everything correctly when you go to https://localhost (or whatever CommonName you specified)
You will get a ssl encrypted site and no warnings about the certificate not being trusted.

Example showing a local vhost with a verified cert

If apache doesn’t come backup then apache’s config checks program is your best friend.