OpenSSL

From Wistful.net

From the OpenSSL site:

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

Many apps and other libraries depend on OpenSSL: OpenSSH, Postfix, and many others.

Here's a real quick and dirty way to generate a self-signed key and certificate:

# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 999 -in server.csr -signkey server.key -out server.crt
# mv server.key server.key.secure
# openssl rsa -in server.key.secure -out server.key

The first command creates the private key and asks for a password to protect it. The second creates a CSR based on that key; you'll have to provide the password for the key. The third generates the certificate and signs it with the same key. The fourth renames the password-protected private key, and the fifth writes a copy of it to server.key with no password required to use it. You can use this key and certificate with Apache, among other apps. The private key must remain private: if it leaks, your certificate becomes worthless and there's no point in using SSL anymore, since the server can be spoofed at that point.
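Because the last command leaves server.key without a password, file permissions are all that protect it. The script below is an added example, not part of the original page: it checks that the key file is private, that server.crt matches it, and that the key size meets a floor. The function names and the 2048-bit floor are this example's assumptions, and that floor flags the 1024-bit key generated above.

```shell
#!/bin/sh
# Added example: checks for the server.key / server.crt pair built above.
# Function names and the 2048-bit floor are choices made for this example.
MIN_RSA_BITS=2048

# 0 if the PEM key file is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# 0 if group and other have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if the certificate carries the public half of this private key.
# "-passin pass:" makes a protected key fail instead of prompting.
pair_matches() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null </dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the public key size in bits recorded in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Usage: audit_pair server.key server.crt; returns the number of failed checks.
audit_pair() {
    fails=0
    if key_is_encrypted "$1"; then
        echo "NOTE: $1 is passphrase-protected; audit the decrypted copy"
        return 1
    fi
    key_is_private "$1" || { echo "FAIL: $1 has group/other permission bits set"; fails=$((fails + 1)); }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; fails=$((fails + 1)); }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge "$MIN_RSA_BITS" ] || { echo "FAIL: ${bits:-?}-bit key is below $MIN_RSA_BITS"; fails=$((fails + 1)); }
    return "$fails"
}
```

Source the file and run `audit_pair server.key server.crt` before pointing Apache at the pair; a non-zero return status means at least one check failed.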
