* Luke has a script 
  /home/sysadmin/certs/requests/generate.sh

To use it, add the name www.aoe.vt.edu or mail.aoe.vt.edu as an argument
  ./generate.sh mail.aoe.vt.edu

Answer the questions with the defaults, except the last question does not have the answer.  It is either
  www.aoe.vt.edu
  mail.aoe.vt.edu


To examine the request
  openssl req -text -noout -in bacchus.aoe.vt.edu_2011-03-21_web_req.csr

Submit the CSR's (which are the .pem files??) on 

[[http://www.pki.vt.edu/subscriber/ssl_certificate.html]]

there's a link on it for the form.

Fax a form

Get the certificates

copy the certs and keys to the proper locations as indicated in the conf files.

mail server
  /etc/mail/cert
defined in:
  /etc/mail/sendmail.mc
    define(`CERT_DIR',`/etc/mail/certs')
    define(`confCACERT_PATH',`CERT_DIR')
    define(`confCACERT',`CERT_DIR/cacert.pem')
    define(`confSERVER_CERT',`CERT_DIR/cert.pem')
    define(`confSERVER_KEY',`CERT_DIR/key.pem')
    define(`confCLIENT_CERT',`CERT_DIR/cert.pem')
    define(`confCLIENT_KEY',`CERT_DIR/key.pem')

Web Server
  /etc/httpd/conf/ssl.key/
  /etc/httpd/conf/ssl.crt/
defined in:
  /etc/httpd/conf.d/ssl.conf
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.aoe.vt.edu_2005-12-14_web_key.pem
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.aoe.vt.edu_2005-12-14_web.cer
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.c
Restart httpd
  service httpd restart
It will complain if the files are not found!