I've never had difficulty generating X.509 server certificates when following the instructions in the ssl(8) man page as general guidance. The process is the same regardless of what web server you use. (I haven't used Apache in a number of years.)
I've found the openssl(1) man page far more daunting. The program does too many things, and those things it does do seem to be done in too many different ways.