Синхронизируйте часы во всех системах

server# openssl genrsa -des3 -out ca.key 1024
Generating DSA key, 1024 bits
Enter PEM pass phrase:Pa$$w0rd
Verifying - Enter PEM pass phrase:Pa$$w0rd

server# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Enter pass phrase for ca.key:Pa$$w0rd
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:corpX.un
Email Address []:root@gate.corpX.un

Приватный ключ apache.key оставляем старый

gate# rm apache.crt

gate# openssl req -new -key apache.key -out apache.req
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:gate.corpX.un
Email Address []:root@gate.corpX.un

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

gate# scp apache.req student@server:

server# openssl x509 -days 365 -req -in /usr/student/apache.req -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.crt
Signature ok
subject=/C=RU/ST=Russia/L=Moskw/O=cko/OU=freebsd/CN=corpX.un/emailAddress=root@gate.corpX.un
Getting CA Private Key
Enter pass phrase for ca.key:


server# openssl ca -days 365 -in apache2.req -cert ca.crt -keyfile ca.key -out apache2.crt


gate# scp student@server:/root/apache.crt .

gate# rm apache.req