Generate a RSA key (encryption and signing):
$ openssl genrsa -des3 -out privkey.pem 2048
If you don't want your key to be protected by a password, remove the flag
"-des3" from the command line above.

Generate a DSA key (signing):
$ openssl dsaparam -out dsaparam.pem 2048
$ openssl gendsa -des3 -out privkey.pem dsaparam.pem
If you don't want your key to be protected by a password, remove the flag
"-des3" from the command line above.

Creating a certificate request:
$ openssl req -new -key privkey.pem -out cert.csr
If the certificate authority can't handle the PEM format, use the extra
argument "-outform" followed by the keyword for the format to use (FIXME).

Creating a self-signed test certificate:
$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Trusting a new authority system-wide:
$ openssl x509 -in cacert.crt -noout -hash
09abcdef
# cp cacert.crt /etc/openssl/certs/09abcdef.0