Title: Generate self signed cert on gentoo
Subject: quickly generate self signed cert on gentoo.

NOTE: 'Common Name' of CA must differ cert signing request.

# REF: http://www.tc.umn.edu/~brams006/selfsign.html
# REF: worthless: http://en.gentoo-wiki.com/wiki/Apache2/SSL_Certificates

# Create CA (Certificate Authority) 
openssl genrsa -des3 -out /etc/apache2/ssl/ca.key 4096

    Generating RSA private key, 4096 bit long modulus
    ......................++
    ..............................................................................................................++
    e is 65537 (0x10001)
    Enter pass phrase for /etc/apache2/ssl/ca.key:
    Verifying - Enter pass phrase for /etc/apache2/ssl/ca.key:
    PASS:FooBarN3y

openssl req -new -x509 -days 0 -key /etc/apache2/ssl/ca.key -out /etc/apache2/ssl/ca.crt

    Enter pass phrase for /etc/apache2/ssl/ca.key:
    PASS:FooBarN3y
 
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Berkeley
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Server
    Organizational Unit Name (eg, section) []:Development
>>  Common Name (eg, YOUR name) []:tester CA
    Email Address []: foo@bar.com

# Create key
openssl rsa -in /etc/apache2/ssl/server.key -out  /etc/apache2/ssl/server.key.insecure
#
# Alternately, require passwd
#   openssl genrsa -des3 -out /etc/apache2/ssl/pass.key 1024

# Create "certificate signing request"
openssl req -new -key /etc/apache2/ssl/server.key.insecure -out /etc/apache2/ssl/server.csr

    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Berkeley
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Server
    Organizational Unit Name (eg, section) []:Development
>>  Common Name (eg, YOUR name) []:tester
    Email Address []: foo@bar.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

#
# Sign it
#
openssl x509 -req -days 999 -in /etc/apache2/ssl/server.csr -CA /etc/apache2/ssl/ca.crt -CAkey /etc/apache2/ssl/ca.key -set_serial 01 -out /etc/apache2/ssl/server.crt
    PASS:FooBarN3y

#
# verify product
#
openssl x509 -noout -text -in /etc/apache2/ssl/server.crt


# To examine the components if you're curious:

openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt

#
# Reload apache
#
/etc/init.d/apache2 reload