If you are creating a public web site you need to have your certificate signed by a Trusted Certificate Authority.
This process usually takes a day or two as the CA is supposed to verify that you are who you claim to be.
There are several authorities you can use.
the biggest, but not surprisingly also the most expensive.
is the next biggest, is owned by Verisign, and is quite a bit cheaper.
c. Another popular one is www.godaddy.com
which is cheaper still.
All three follow a similar process.
1. You create a Certificate Signing Request,
a. Install OPENSSL.
b. Create Private Key (no password): openssl genrsa -out .\\YourCARoot\\private\\MyRequest.key -rand .\\YourCARoot\\private\\YourRandom.rnd 2048
c. Create Certificate using Private Key: openssl req -new -days 3650 -key .\\YourCARoot\\private\\MyRequest.key -out .\\YourCARoot\\certs\\MyRequestCSR.crt -config .\\YourCARoot\\config\\OpenSSL.conf
d. Copy and paste the contents of .\\YourCARoot\\certs\\MyRequestCSR.crt
2. They take your money, and sign your CSR,
3. They give you back a Certificate which,
4. You put into a CRT file.