The private key is tied to the certificate, you can't just create a new private key to work
with an already existing certificate.
You'd create a key pair, then use it to generate a certificate request, then have that signed
by your certificate authority. Then you'd use the certificate they give you back with the key
you generated. As Trinity says, that certificate may be signed by a root authority of an
intermediate authority in which case, you'll have to configure apache to send that (and
possibly more in the chain) to clients as well so that they can link your certificate to the
root certificate authority they trust (SSLCACertificateFile configuration parameter).
To get more information from apache, try and increase the log level:
This caught me out recently.
These days you need an intermediate certificate to create a trusted chain.
See second part here:http://help.globalscape.c ...
Your cert's root authority website should give you it, eg Geotrust even if you bought the
cert from RapidSSL. Sorry if my terminology is a bit wrong, hopefully you get the idea.