There are two types of certificates: "self-signed" certificates and "signed" certificates. A "signed" certificate is issued by a Certificate Authority (CA) such as Verisign or Thawte. A "self-signed" certificate is simply a certificate that has not been issued by a CA. This provides the authentication part of the process, because the certificate has been signed by an external authority.
All of the certificate management can be done in the WebTool. You should not do any of this by hand unless you have a very good idea of what you're doing, since if it is done incorrectly it will cause the Web server to fail. As was said above, the certificate and key are a pair. If for some reason the certificate and key that are in place do not "match" each other then the Web server will fail to start. If the Web server fails to start then all of the other sites on the machine are inaccessible.
The Certificate Management section will allow you to configure your SSL certificate. This option will only be available if the virtual host you are editing has SSL enabled. Once at this menu you will be presented with three options which are each discussed below.
Generate Certificate and Key
Here you will see a screen similar to the certificate generation screen when creating a virtual host. All the fields are required. Upon completion of this form you a self-signed certificate and key pair will be created for the site. A description of each field is given below:
Generate Certificate Signing Request
A Certificate Signing Request (CSR) is what is sent to a Certificate Authority (CA), such as Verisign or Thawte to request a signed certificate for your site. This section will allow you to create one to be submitted. The form looks similar to the Generate Certificate and Key form above. You can refer to the previous section above, Generate Certificate and Key for a description of each of the fields.
There is however, one new field, Create New Certificate/Key Pair. If this option is selected it will create a new certificate and key with the information you filled in. It will then allow you to download the certificate to be signed. If you wish request a new certificate because your old one has expired then d not select the Create New Certificate/Key Pair.
Once you have all the fields filled in you can click the Generate Certificate button and you will be presented with your certificate.
Enter Certificate and Key
If you already have a certificate and a key or have sent a CSR to a CA and have received the signed certificate back, then you would want to upload it here from your local machine. This section will present you with your current SSL Certificate and give you the ability to upload a new certificate and key.
If you have a certificate and key in place then it shows you four things: