Setting up SSL on apache on linux ubuntu

I can't vote up on here, or comment, but Adrian Perez is right, you aren't using a certificate but a certificate signing request, on this line:

SSLCertificateFile /etc/apache2/ssl/www.example.com.csr

The CSR needs to be sent to a certificate authority to verify your identity and generate the certificate. You can self generate this using the command:

openssl x509 -req -days 365 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt

And changing:

SSLCertificateFile /etc/apache2/ssl/www.example.com.csr

To:

SSLCertificateFile /etc/apache2/ssl/www.example.com.crt

But then you'll get warnings when you visit the site in your browser, as this would be a self signed certificate and therefore not trusted. Still, it's a good way to get your head around the process and test that the site is working. The basic steps are:

1. Generate a private Key file (only do this once, the first time you set up a site)
2. Generate a Certificate signing request
3. Pay a ton of money to a Certificate Authority to verify and issue the certificate (Thwate or similar)
4. Put key on server.

Regarding permissions, make sure the key/crt are only readable/writable by root (chmod 600) otherwise Apache will moan.

Hope this helps