A very ignorant question, sans doute.
I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.
I then place the key certficate *.key in /etc/pki/tls/private/
and what I call
Nothing drives away visitors to a website faster than seeing a warning message that informs them that the site or page they clicked to visit is not trusted.
It’s a guaranteed traffic killer. No Web publisher wants visitors to see that type of message. But that is exactly what they will see if the publisher uses an SSL certificate issued by CAcert.