typo

[oweals/openssl.git] / doc / HOWTO / certificates.txt

diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt
index 82166e0dc23e5a66c28ca5e9ed229d65b2d20b48..a8a34c7abc5184596234405813654608559210bc 100644 (file)
--- a/doc/HOWTO/certificates.txt
+++ b/doc/HOWTO/certificates.txt
@@ -48,7 +48,7 @@ you have your own certificate authority, you may sign it yourself, or
 if you need a self-signed certificate (because you just want a test
 certificate or because you are setting up your own CA).
 
-The certificate is created like this:
+The certificate request is created like this:
 
   openssl req -new -key privkey.pem -out cert.csr
 
@@ -66,18 +66,15 @@ Section 5 will tell you more on how to handle the certificate you
 received.
 
 
-4. Creating a self-signed certificate
+4. Creating a self-signed test certificate
 
 If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself, or are setting up a
-certificate authority of your own, you may want to make the requested
-certificate a self-signed one.  If you have created a certificate
-request as shown above, you can sign it using the 'openssl x509'
-command, for example like this (to create a self-signed CA
-certificate):
-
-  openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
-         -signkey privkey.pem -out cacert.pem -trustout
+want to create a test certificate for yourself.  This is similar to
+creating a certificate request, but creates a certificate instead of
+a certificate request.  This is NOT the recommended way to create a
+CA certificate, see ca.txt.
+
+  openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
 
 
 5. What to do with the certificate