Generate cert/key pair:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650
Decrypt key:
openssl rsa -in cakey.pem -out server.key
Place decrypted key in cert file.
And then watch it fail startup with the strangest message:
[Sun Nov 27 17:57:00 2005] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
Grrrrrr.