The generation of final certification could look like this:

 

Tested with OpenSSL 0.9.4

 

Generation of secret key:

> openssl genrsa -des3 2048 > key.pem

 

If option -des3 is left out then the private key will be unencrypted

 

generation of Self-signed certificate:

1. in conf file openssl.cnf  at section [ req ] comment the following line

x509_extensions = .....

like this:

# x509_extensions = .....

2.

> openssl req -x509 -new -key key.pem -days 365 -sha1 > sert.pem

Insert promted parameters. To leave field empty insert dot.

 

Looking certification parameters:

> openssl x509 -fingerprint -noout < sert.pem

> openssl x509 -text -noout < sert.pem