On your local machine cd into the .ssh directory in your home “~/” directory. If it doesn’t exist you can create it with “mkdir ~/.ssh”. Next generate your public/private keys and copy the public key to the remote server.

cd ~/.ssh
ssh-keygen -t rsa -b 4096
# will take a couple seconds but when finished
# specify a full path (if there is already an existing key) or hit enter to install to the default location ~/.ssh
# when it prompts for a passphrase just hit enter
# and enter again when it asks to confirm the passphrase
# then we copy the public key the remote server (this assumes you don't already have an authorized_keys file)
# copy and paste the contents of the id_rsa.pub file into the authorized_keys file otherwise
scp id_rsa.pub user@yourdomain.com:.ssh/authorized_keys

You’ll need to edit your ssh config file and restart the process to allow for public/private key authentication.

vim /etc/ssh/ssh_config
# add or uncomment these two lines
RSAAuthentication yes
PubKeyAuthentication yes
# ... and restart
/etc/init.d/ssh restart

Troubleshooting

A couple of things to keep in mind. 1) Permissions matter. Make sure that your keys are not world readable (this should be secure) Run chmod 400 on authorized_keys file.

If you had a set of keys already setup in .ssh/ on your local machine and want to install the new keys in another directory so as not to overwrite the old pair, you need to add them to ssh with this command

ssh-add ~/full/path/to/your/new/keys

More information is available here http://www.debian-administration.org/articles/152

apt-get install openssl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

You’ll be prompted to enter a password (don’t forget it!) as well as fill in company identity information. The most important part is the common name, which is actually the domain you are requesting the certificate for. If you’re going without a wildcard certificate you can specify the subdomain ( secure.seanbehan.com ) otherwise it assumes www.seanbehan.com and seanbehan.com to be the same, and will cover both domains www.seanbehan.com and seanbehan.com… however, it will not cover anything.seanbehan.com. Unless you get a wildcard certificate (these cost more money). Enter company details such as country code, state and the rest are pretty self explanatory.

You need to then submit the server.csr file contents to a certificate authority like godaddy, verisign, etc.
Grab the contents by opening up the file

 vim server.csr 

After you submit it to them, they then will confirm that everything is correct and then give you the signed certificate back for your use on your server. Unless of course you’re faking your company details and are an evil, wicked spammer!

The certificate authority (CA) should give you instructions for installing the cert, as well as other files so that you can serve secure pages w/out any browser troubles!