received.
-4. Creating a self-signed certificate
+4. Creating a self-signed test certificate
If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself, or are setting up a
-certificate authority of your own, you may want to make the requested
-certificate a self-signed one. If you have created a certificate
-request as shown above, you can sign it using the 'openssl x509'
-command, for example like this (to create a self-signed CA
-certificate):
-
- openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
- -signkey privkey.pem -out cacert.pem -trustout
+want to create a test certificate for yourself. This is similar to
+creating a certificate request, but creates a certificate instead of
+a certificate request. This is NOT the recommended way to create a
+CA certificate, see ca.txt.
+
+ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
5. What to do with the certificate