By the sound of things, I figure you have already come across this:
http://www.asterisk.org/doxygen/trunk/Config_sip.htmlSorry, I'm not as familiar with Asterisk specifically, but since they did not go into greater detail on creating the cert, I will assume they expect you to use another program. A common utility for doing this is OpenSSL - if this is on a Linux box you may already have it installed, else look for the installer for your version. For windows you can download here:
http://gnuwin32.sourceforge.net/packages/openssl.htmNote that you can create the private key and certificate signing request file on one machine and get the signed certificate from your CA that way, then move the signed certificate and private key to the server and remove the originals (you don't want extra copies of a private key hanging around on your network - back them up on a flash drive or something for backups).
openssl genrsa -aes256 -out YourSite.Domain.com.key 2048
openssl req -new -key YourSite.Domain.com.key -out YourSite.Domain.com.csr
Open the .csr file in notepad and paste the entire contents into the CSR box like you would other csr files. To install, copy the .crt file over to the pbx server and follow the instructions for your product, which I assume are in the above link I provided.
