pepper@pepperbook:~/www/pepper/public_html/tidbits/ssl$ ./cert.sh 
cert.sh: ERROR: cert name required!
pepper@pepperbook:~/www/pepper/public_html/tidbits/ssl$ ./cert.sh secure.reppep.com
Generating RSA private key, 512 bit long modulus
...........++++++++++++
..++++++++++++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [New York]:
Locality Name (eg, city) [Brooklyn]:
Organization Name (eg, company) [reppep]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:secure.reppep.com
Email Address [webmaster@reppep.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /System/Library/OpenSSL/openssl.cnf
Enter pass phrase for /CA/reppep/private/cakey.pem:
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Nov 16 05:18:01 2006 GMT
            Not After : Nov 16 05:18:01 2007 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = New York
            organizationName          = reppep
            commonName                = secure.reppep.com
            emailAddress              = webmaster@reppep.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                FA:D0:46:82:02:99:85:44:40:58:31:F6:45:A9:BB:51:5E:88:01:64
            X509v3 Authority Key Identifier: 
                keyid:61:56:20:22:63:C4:11:32:97:E5:70:A9:C6:88:B3:1D:E4:A4:8D:6F
                DirName:/C=US/ST=New York/L=Brooklyn/O=reppep/CN=ca.reppep.com/emailAddress=webmaster@reppep.com
                serial:C7:CB:46:04:46:EF:F5:BD

Certificate is to be certified until Nov 16 05:18:01 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Your files are:
-rw-------   1 pepper  admin  3210 Nov 16 00:18 secure.reppep.com.crt
-rw-------   1 pepper  admin   509 Nov 16 00:17 secure.reppep.com.csr
-rw-------   1 pepper  admin   497 Nov 16 00:17 secure.reppep.com.key

On your workstation; cd to a safe place for the cert, key, & CSR.
To download the files, use:
scp root@caserver:/CA/reppep/certs/secure.reppep.com.crt root@caserver:/CA/reppep/certs/secure.reppep.com.key root@caserver:/CA/reppep/certs/secure.reppep.com.csr ./