Creating a certificate for a node or user

I followed the instructions on these pages:

The commands to run are:

openssl genrsa -out serverkey.pem
openssl req -new -key serverkey.pem -out newreq.pem -days 365
cat newreq.pem serverkey.pem > new.pem
openssl ca -config /etc/domtool/openssl.conf -policy policy_anything -out servercert.pem -infiles new.pem

replacing serverkey.pem and servercert.pem with appropriate names for your new key and certificate, respectively. The change I made from the cited source is to include the -config flag to reference the modified config file obtained from the page about creating a CA.

Once I figure out the final directory layout, there will be instructions here on where to put these files once they're created.