Setting up SSL on Apache on Linux Ubuntu


I can't vote up on here, or comment, but Adrian Perez is right, you aren't using a certificate but a certificate signing request, on this line:

SSLCertificateFile /etc/apache2/ssl/www.example.com.csr

The CSR needs to be sent to a certificate authority to verify your identity and generate the certificate. You can self-generate this using the command:

openssl x509 -req -days 365 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt

And changing:

SSLCertificateFile /etc/apache2/ssl/www.example.com.csr

To:

SSLCertificateFile /etc/apache2/ssl/www.example.com.crt

But then you'll get warnings when you visit the site in your browser, as this would be a self signed certificate and therefore not trusted. Still, it's a good way to get your head around the process and test that the site is working. The basic steps are:

  1. Generate a private key file (only do this once, the first time you set up a site)
  2. Generate a certificate signing request
  3. Pay a ton of money to a Certificate Authority to verify and issue the certificate (Thawte or similar)
  4. Put key on server.

Regarding permissions, make sure the key/crt are only readable/writable by root (chmod 600) otherwise Apache will moan.

Hope this helps
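Added example, not code from the answer above or from the Linode docs it mentions: the answer's key, CSR and self-signed certificate steps run end to end in a throwaway directory, followed by the check that tells a .csr from a .crt (the mix-up in the question) and a check that the key and certificate belong together. www.example.com and the temp directory are placeholders standing in for the real hostname and /etc/apache2/ssl.

```shell
#!/bin/sh
# Added example (not the answer's or Linode's code): key -> CSR -> self-signed
# cert, then verify which file is really a certificate before it goes into
# SSLCertificateFile. Uses a temp dir as a stand-in for /etc/apache2/ssl.
set -eu

HOST="www.example.com"            # placeholder name, as in the answer
WORK="$(mktemp -d)"               # throwaway stand-in for /etc/apache2/ssl
trap 'rm -rf "$WORK"' EXIT

# Steps 1 and 2: private key plus certificate signing request. -subj avoids
# the interactive prompts; -nodes leaves the key unencrypted so Apache can
# start unattended (hence the chmod 600 the answer asks for).
gen_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$WORK/$HOST.key" -out "$WORK/$HOST.csr" 2>/dev/null
}

# Step 3, self-signed variant: the same openssl x509 command the answer gives.
self_sign() {
    openssl x509 -req -days 365 -in "$WORK/$HOST.csr" \
        -signkey "$WORK/$HOST.key" -out "$WORK/$HOST.crt" 2>/dev/null
}

# Exit 0 only if the file parses as an X.509 certificate. A CSR fails this
# parse, which is what mod_ssl reports as "wrong tag" when fed a .csr file.
is_certificate() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# Exit 0 if the certificate's public key belongs to the given private key
# (RSA moduli compared); a mismatched pair also stops Apache from starting.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Step 4: owner-only access on key and cert; prints the key's octal mode.
lock_down() {
    chmod 600 "$WORK/$HOST.key" "$WORK/$HOST.crt"
    stat -c '%a' "$WORK/$HOST.key" 2>/dev/null || stat -f '%Lp' "$WORK/$HOST.key"
}

gen_key_and_csr
self_sign
if is_certificate "$WORK/$HOST.csr"; then echo "unexpected: .csr parsed as a cert"; fi
is_certificate "$WORK/$HOST.crt" && echo "$HOST.crt is a certificate: use it in SSLCertificateFile"
key_matches_cert "$WORK/$HOST.crt" "$WORK/$HOST.key" && echo "key and certificate match"
echo "key mode: $(lock_down)"
```

The is_certificate check is the one to run on whatever file a CA (or a hosting panel such as DreamHost's) hands back before pointing Apache at it.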


Author: ThomasReggi

Updated on September 18, 2022

Comments

  • ThomasReggi
    ThomasReggi over 1 year

    I'm trying to get SSL to run on my apache web server.

    I do not have the DNS for the domain set up yet; is that an issue?

    How do I setup SSL on my web server?

    When I start apache it fails.

    root@vannevar:/etc/apache2/ssl# service apache2 start
     * Starting web server apache2                                                                                                                         Action 'start' failed.
    The Apache error log may have more information.
    

    The log states that it's unable to read the certificate.

    [Thu Jun 28 15:01:02 2012] [error] Init: Unable to read server certificate from file /etc/apache2/ssl/www.example.com.csr
    [Thu Jun 28 15:01:02 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Thu Jun 28 15:01:02 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    

    The contents of /etc/apache2/httpd.conf

    ServerName [SERVERIP]
    

    The contents of /etc/apache2/ports.conf

    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost [SERVERIP]:443
    NameVirtualHost *:80
    Listen 80
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
    

    The contents of /etc/apache2/sites-available/www.example.com

    <VirtualHost *:80>
         ServerAdmin [email protected]
         ServerName example.com
         ServerAlias www.example.com
         DocumentRoot /srv/sites/example.com/public/
         ErrorLog /srv/sites/example.com/logs/error.log
         CustomLog /srv/sites/example.com/logs/access.log combined
    </VirtualHost>
    
    <VirtualHost [SERVERIP]:443>
         SSLEngine On
         SSLCertificateFile /etc/apache2/ssl/www.example.com.csr
         SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
         SSLCACertificateFile /etc/apache2/ssl/comodo.crt
    
         ServerAdmin [email protected]
         ServerName example.com
         ServerAlias www.example.com
         DocumentRoot /srv/sites/example.com/public/
         ErrorLog /srv/sites/example.com/logs/error.log
         CustomLog /srv/sites/example.com/logs/access.log combined
    </VirtualHost>
    

    UPDATE:

    In DreamHost (which I'm trying to get off of) I already have a domain with SSL / HTTPS. I can see the three keys in the DreamHost admin: certificate, private key, and intermediate certificate. Can I do anything with these? I can see that DreamHost is using Comodo and my website says it's PositiveSSL so... on Comodo's website there is the root certificate and intermediate certificate. What do these five certificates have to do with the two created by the openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr command? These two are requesting the actual certificate?

    I realized that Apache's error is referring to the file /etc/apache2/sites-available/www.example/com, where I messed up the file type for SSLCertificateFile /etc/apache2/ssl/www.example.com.csr; it's supposed to be .crt according to the Linode docs.

    Update 2

    So I went into DreamHost and copied the keys to the following files and mapped the following:

    certificate => dh.crt
    private key => dh.key
    intermediate certificate => dh.cer
    

    Changed the connection in /sites-available/example.com and it worked (Apache worked). Does this mean that SSL will work when I connect my domain?

  • ThomasReggi
    ThomasReggi almost 12 years
    I'm OK with the browser showing an error as long as it is set up and ready for me to set up DNS. I'm checking the permissions now.
  • ThomasReggi
    ThomasReggi almost 12 years
    It's not permissions; I just made the CSR 777 and the error is still there.
  • ThomasReggi
    ThomasReggi almost 12 years
    I used openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr, which is straight from the Linode docs. Could this really be the case?
  • ThomasReggi
    ThomasReggi almost 12 years
    I created those files using openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr, which is straight from the Linode docs. They have stuff in them.
  • David Schwartz
    David Schwartz almost 12 years
    Except that's a certificate signing request (hence the req part). You need the actual certificate.
  • ThomasReggi
    ThomasReggi almost 12 years
    I updated the question with a little bit of what has been going on in my head, care to take a look?
  • ThomasReggi
    ThomasReggi almost 12 years
    I have certificates updates question. ^^
  • djangofan
    djangofan almost 12 years
    That looks like it would generate a PEM to me. Therefore, if you used that CSR to request a cert reply, it should be ok.
  • Robbie Scourou
    Robbie Scourou almost 12 years
    In order to test if the SSL is working on your Vhost, just make an amendment to your hosts file so that www.example.com (or whatever domain you've set up) points to the IP address of your server.