Create self-signed CA
=====================

Notes:

This setup uses the dns_name attribute.

From here: https://tools.ietf.org/html/rfc6125#section-2.3

"In general, this specification recommends and prefers use of subjectAltName entries (DNS-ID, SRV-ID, URI-ID, etc.) over use of the subject field (CN-ID) where possible"

"If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead."

Setup:

-----------------------------------------------------------------------
$ certtool --generate-privkey > ca-key.pem
-----------------------------------------------------------------------
$ cat > ca.info < server-key.pem
-----------------------------------------------------------------------
$ cat > server.info < client-key.pem
-----------------------------------------------------------------------
$ cat > client.info <
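A complete run of the CA and server steps with GnuTLS certtool, as an added example that is not the page's own code: it issues a server certificate whose name is carried in a dNSName subjectAltName and then checks that the SAN is really there. The template contents, the function names and the host name passed in are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own code. Template contents, function names
# and the host name passed in are assumptions (constructed for illustration).

write_templates() {            # $1 = output directory, $2 = server DNS name
    cat > "$1/ca.info" <<EOF
cn = "Example Test CA"
ca
cert_signing_key
expiration_days = 365
EOF
    # dns_name puts the host into subjectAltName (dNSName); cn alone would
    # leave only the deprecated CN-ID that the Notes above warn about.
    cat > "$1/server.info" <<EOF
cn = "$2"
dns_name = "$2"
tls_www_server
encryption_key
signing_key
expiration_days = 365
EOF
}

build_pki() {                  # $1 = directory holding ca.info and server.info
    (
        cd "$1" || exit 1
        umask 077              # keep private keys unreadable to other users
        certtool --generate-privkey > ca-key.pem &&
        certtool --generate-self-signed --load-privkey ca-key.pem \
                 --template ca.info --outfile ca-cert.pem &&
        certtool --generate-privkey > server-key.pem &&
        certtool --generate-certificate --load-privkey server-key.pem \
                 --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
                 --template server.info --outfile server-cert.pem
    )
}

san_present() {                # $1 = certificate file, $2 = expected DNS name
    # Succeeds only if the issued certificate lists the name as a dNSName SAN.
    certtool --certificate-info --infile "$1" | grep -Fq "DNSname: $2"
}

# Usage (host name is a constructed placeholder):
#   write_templates . server.example.test && build_pki . &&
#   san_present server-cert.pem server.example.test && echo "SAN ok"
```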