OpenSSL tool kit is required to generate private key.
openssl genrsa -out server.key 2048
You can create a Triple-DES encrypted private key file by using
openssl genrsa -des3 -out server.skey 2048
You need to give a password (pass-phase) for the private key file. You will be prompt for the password when the private key file is used every time.
LiteSpeed web server only support private key files without encryption. You probably think it is not safe for the private key. Well, in theory, it is not as safe as the encrypted version. But in reality, it is impossible to let user input password for the SSL keys whenever the server starts or restarts. Some web server can save the password somehow and automate the pass-phase when the server starts, but it is only as good as the machine is not compromised, unless your password is hardware protected. The private key file along with the certificate file should be placed in a directory that is only readable by whom the server running as. If you generated the encrypted key file, the pass-phase can be removed with the following command:
openssl rsa -in server.skey -out server.key
1024 in above commands is the length of the private key in bits. The bigger private key is more secure. You can create bigger private key like 2048 bit. However, if you plan to get your certificate from certificate issuer, you may have to use 1024 bit private key as it is the biggest key they can process, check with the issuer first. For more information about creating SSL private key please visit http://www.openssl.org/docs/HOWTO/keys.txt