typo

[oweals/openssl.git] / doc / HOWTO / certificates.txt

diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt
index d7e16c1da1c14dc66dfe8be5275b9766d333efed..a8a34c7abc5184596234405813654608559210bc 100644 (file)
--- a/doc/HOWTO/certificates.txt
+++ b/doc/HOWTO/certificates.txt
@@ -66,18 +66,15 @@ Section 5 will tell you more on how to handle the certificate you
 received.
 
 
-4. Creating a self-signed certificate
+4. Creating a self-signed test certificate
 
 If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself, or are setting up a
-certificate authority of your own, you may want to make the requested
-certificate a self-signed one.  If you have created a certificate
-request as shown above, you can sign it using the 'openssl x509'
-command, for example like this (to create a self-signed CA
-certificate):
-
-  openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
-         -signkey privkey.pem -out cacert.pem -trustout
+want to create a test certificate for yourself.  This is similar to
+creating a certificate request, but creates a certificate instead of
+a certificate request.  This is NOT the recommended way to create a
+CA certificate, see ca.txt.
+
+  openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
 
 
 5. What to do with the certificate