Implement self-signing in 'openssl ca'. This makes it easier to have

the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
author: Richard Levitte <levitte@openssl.org> 2003-04-03 22:33:59 +0000
committer: Richard Levitte <levitte@openssl.org> 2003-04-03 22:33:59 +0000
commit: 16b1b03543fc6362f9e48f1bd9d4b153ea58c553 (patch)
tree: a7d45496f96476ba095e385f7a3502dde1f9b6b7 /doc/HOWTO
parent: e6526fbf4dc894d71ae3517a1ba484475b79b402 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt
index d3a62545ad..a8a34c7abc 100644
--- a/doc/HOWTO/certificates.txt
+++ b/doc/HOWTO/certificates.txt
@@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you
 received.
 
 
-4. Creating a self-signed certificate
+4. Creating a self-signed test certificate
 
 If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself, or are setting up a
-certificate authority of your own, you may want to make the requested
-certificate a self-signed one.  This is similar to creating a
-certificate request, but creates a certificate instead of a
-certificate request (1095 is 3 years):
+want to create a test certificate for yourself.  This is similar to
+creating a certificate request, but creates a certificate instead of
+a certificate request.  This is NOT the recommended way to create a
+CA certificate, see ca.txt.
 
   openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
author	Richard Levitte <levitte@openssl.org>	2003-04-03 22:33:59 +0000
committer	Richard Levitte <levitte@openssl.org>	2003-04-03 22:33:59 +0000
commit	16b1b03543fc6362f9e48f1bd9d4b153ea58c553 (patch)
tree	a7d45496f96476ba095e385f7a3502dde1f9b6b7 /doc/HOWTO
parent	e6526fbf4dc894d71ae3517a1ba484475b79b402 (diff)