I succeeded with the following procedure:

1. Generate Key

   openssl genrsa -out www.domain.com.key 1024
   openssl pkcs8 -in www.domain.com.key -topk8 -nocrypt -out www.domain.com.key.pem

   verify with:

   openssl rsa -noout -text -in www.domain.com.key.pem

2. Generate Certificate Request

   openssl req -new -key www.domain.com.key.pem -days 365 -nodes -out www.domain.com.csr

   verify with:

       openssl req -verify -in www.domain.com.csr -key www.domain.com.key.pem -noout -text

3. Submit csr file contents to certificate provider (e.g., www.supersitename.com)

4. Receive certificates

   Received:

       www.domain.com.crt
       sf_intermediate_bundle.crt

5. Create combined pem file:

   cat www.domain.com.key.pem www.domain.com.crt sf_intermediate_bundle.crt > www.domain.com.crt.pem

6. Modify pound.cfg to include:

       ListenHTTP
           Address         <ipAddressHere>
           Port            80
       End
       ListenHTTPS
           Address         <ipAddressHere>
           Port            443
           Cert            "/path/to/certs/www.domain.com.pem"
       End
       Service
           BackEnd
               Address     <ipAddressHere>
               Port        <port that apache listens to; e.g., 8181>
               TimeOut     120
           End
       End

8. Restart Pound

       service pound restart

9. Test the certificate by going to a secure web page and seeing if the certificate actually works and the certificate data are correct.

I hope this helps you, too!

Enjoy,
Steve Amerige
Fat Bear Incorporated
866.629.0000 x805 toll free - US/Canada
408.776.0000 local & international