On Mon, 19 Aug 2002, Mike Starke wrote:

> SSL
> You can either get a cert from one of the many authorities (Verisign, etc),
> or you can just create your own using openssl. Let us know which. Making
> your own is a breeze and I believe apache-ssl has a pretty good doc out there
> on it.

I've done this numerous times - fine for a small office environment - but 
in production it's a good idea to get a cert from a CA.  (That "this 
certificate can't be verified" message makes some people nervous).