If you want a CA-signed key for the web server, you can change this.  Follow the steps below: 

Create SSL Certificate for Admin Interface  (optional, but removes SSL cert errors when accessing) :

1.    Create a new key, and then generate a CSR (Certificate Signing Request) with that key from a shell prompt :

openssl genrsa -out HOSTNAME.key 2048

openssl req -new -key HOSTNAME.key -out HOSTNAME.csr

Note that the "State" in the request must be fully spelled out (eg, "California") whilst the country should be just the 2 letter code ("US").

2.    Send the CSR to your preferred Certificate Signing Authority (CA), and request the signed certificate be generated in "PEM" format (sometimes called "Apache" or "OpenSSL" format).

3.    Once the CSR has been signed by the CA, you will receive 2 files back - the signed cert (.crt or .pem) and one or more Intermediate certificates, often as a "bundle".  These two files need to be merged into a single file with the signed certificate first (the .crt) followed by any intermediate certificates (or the "bundle")

4.    Put the key generated above and the signed certificate/intermediates into the directory /var/opt/silvertail/certs, overwriting the files already in that directory that match the hostname on the system.

5.    Restart SiteProxy :

/etc/init.d/st-SiteProxy-0 restart

6.    Browse to the Admin UI and confirm that the correct certificate is presented.