If you're running your own server, your probably not shelling out $400
to get an "official" Certificate Authority to sign your key. Here's a
quick not to myself about how to create and sign your own key.
+Depending on your application, you can use either the [[GnuTLS]] or
+[OpenSSL][] toolchain.
-Use [openssl][]'s [genpkey][] to generate an *unencrypted* public key.
+GnuTLS
+------
+
+Following the [GnuTLS manual][gnutls-manual], create a certificate
+authority with [certtool][], adjusting the `cn` as you see fit:
+
+ $ certtool --generate-privkey > x509-ca-key.pem
+ $ echo 'cn = GnuTLS test CA' > ca.tmpl
+ $ echo 'ca' >> ca.tmpl
+ $ echo 'cert_signing_key' >> ca.tmpl
+ $ certtool --generate-self-signed --load-privkey x509-ca-key.pem \
+ --template ca.tmpl --outfile x509-ca.pem
+
+Now generate the *unencrypted* server key.
+
+ $ certtool --generate-privkey > x509-server-key.pem
+
+And sign the key with your CA, adjusting the `cn` as you see fit, and
+changing `dns_name` to match your fully qualified host name.
+
+ $ echo 'organization = GnuTLS test server' > server.tmpl
+ $ echo 'cn = test.gnutls.org' >> server.tmpl
+ $ echo 'tls_www_server' >> server.tmpl
+ $ echo 'encryption_key' >> server.tmpl
+ $ echo 'signing_key' >> server.tmpl
+ $ echo 'dns_name = test.gnutls.org' >> server.tmpl
+ $ certtool --generate-certificate --load-privkey x509-server-key.pem \
+ --load-ca-certificate x509-ca.pem --load-ca-privkey x509-ca-key.pem \
+ --template server.tmpl --outfile x509-server.pem
+
+You can also print certificates with [certtool][].
+
+ $ certtool --infile x509-server.pem --certificate-info
+
+OpenSSL
+-------
+
+Use [openssl][]'s [genpkey][] to generate an *unencrypted* key.
$ openssl genpkey -algorithm RSA -out key.pem
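Review bot: the two `certtool --generate-privkey > ...` lines (CA key and server key) create the private key files through shell redirection, so the files get whatever permissions the current umask allows, and both keys are stored unencrypted. Suggest running `umask 077` before the first command, or writing the keys with `--outfile` as the later commands in this section already do. The text marks only the server key as *unencrypted*; the CA key is generated the same way and deserves the same remark, plus a sentence telling readers to keep `x509-ca-key.pem` off the server, since the `ca` and `cert_signing_key` template lines let it sign certificates for any host name.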
$ openssl x509 -in cert.pem -noout -text
-[openssl]: http://www.openssl.org/docs/apps/openssl.html
+[gnutls-manual]: http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html
+[certtool]: http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html#Invoking-certtool
+[OpenSSL]: http://www.openssl.org/docs/apps/openssl.html
[genpkey]: http://www.openssl.org/docs/apps/genpkey.html
[req]: http://www.openssl.org/docs/apps/req.html
[x509]: http://www.openssl.org/docs/apps/x509.html
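Review bot: the reference label changes from `[openssl]` to `[OpenSSL]` here, but the added OpenSSL section still writes `[openssl][]`; that resolves only because Markdown reference labels are case-insensitive, so pick one spelling and use it in both places. `[gnutls-manual]` points at the gnutls-serv invocation page rather than the manual as a whole, so a label such as `[gnutls-serv]` would describe the target better, and the `#Invoking-certtool` fragment on the certtool link only repeats the page name and can be dropped.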