I posted this at godaddy.com as that's where I got the certificate, but most of the steps should apply....
Create Our Self-Signed Certificate
Under Hardware, select your sever
Click "Settings" tab
across from "SSL Certificate" click "Edit"
click on gear with arrow button and select "Manage Certificates"
click the "+" button and select "Create a certificate identity"
the defaults should be your sever name, "self signed root", and "ssl server"
check "Let me override defaults"
click "continue" and then "continue" again
choose the period of time you will be buying the certificate for. If its one year leave defaults
fill in the next screen with your info and click "continue"
keep clicking "continue" leaving defaults until you get to "Subject Alternate Name Extension" page
in the "dNSName:" field put in all the domains you will be using the certificate for, separated only by a space between each entry.
example: domain.com server.domain.com www.domain.com mail.domain.com auto discover.domain.com
You can take out IP address
now your certificate is created
click "done" and allow keychain alert
click "OK" and now in the "certificate" menu you will see your new certificate. Select it. leave it there for now.
login to your GoDaddy.com account and go to your "manage certificates" area and under credits click on the request certificate link
the CSR window will open.
go back to your lion server where you can see the certificate you created and click the gear and arrow button and choose "generate certificate signing request (CSR)"
copy the code in the box and paste it in the CSR box in the go daddy.com page. close the lion server code box window you just copied out of.
now enter each domain name you are using in the "New Subject Alt Name" box and click add after each one.
click "next" and verify your entries and then click "next" and then "finished"
they send you an email and you verify
when your certificate is ready in the certificates area of your godaddy.com account, click it and click download button.
select the 10.6 option…..yes I know this is for 10.7….just choose 10.6….trust me
now go back to server app and click "edit" across from "SSL Certificate" under settings tab
select the self-signed certificate you created in the menu
click the gear and arrow button and choose "replace certificate with signed or renewed certificate"
drag the newly downloaded .crt file into the window (not the file that starts with gd_)
click "replace certificate"
open keychain access
click "system" in "Keychains" column
click "certificates" in "Categaory" column
drag newly downloaded .crt file into the window (this is the one that starts with gd_)
go back to server app and click "edit" across from "SSL Certificate" in the "Settings" tab and select your new GoDaddy.com certificate in the certificate menu
if you want you can now select "custom" in that same menu and assign each of the listed services the new certificate.
your server name should then populate the area next to the "SSL Certificate" section of the "Settings" tab.