If you've decided to go the route of getting a proper, official SSL certificate signed by a certificate authority, the recommended process is to create a self-signed certificate, generate a Certificate Signing Request (CSR) and submit it to a certificate authority, and then replace your self-signed certificate with the one signed by the certificate authority.
To obtain a signed certificate from a certificate authority, follow these steps:
Follow all the steps earlier in this chapter to create a self-signed certificate.
Open Server Admin, which is located in /Applications/Server.
In the sidebar on the left, select your server.
If no services are listed under the server name, click the disclosure triangle next to the server name to reveal them.
If the service names are dimmed, choose Server Connect, type your username and password if they're not already filled in, and then click Connect. The list of services refreshes, and those currently running appear with a green dot next to them.
Click the Certificates button on the toolbar.
Select the certificate that you want to have signed.
Click the Action pop-up menu (with the gear icon) below the list of certificates and then choose Generate Certificate Signing Request (CSR). A dialog box opens, containing the text of the CSR (a long block of characters).
Click the Save button, type a ...