1 files changed, 5 insertions, 7 deletions

diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt
index 82166e0..d3a6254 100644
--- a/crypto/openssl/doc/HOWTO/certificates.txt
+++ b/crypto/openssl/doc/HOWTO/certificates.txt
@@ -48,7 +48,7 @@ you have your own certificate authority, you may sign it yourself, or
 if you need a self-signed certificate (because you just want a test
 certificate or because you are setting up your own CA).
 
-The certificate is created like this:
+The certificate request is created like this:
 
   openssl req -new -key privkey.pem -out cert.csr
 
@@ -71,13 +71,11 @@ received.
 If you don't want to deal with another certificate authority, or just
 want to create a test certificate for yourself, or are setting up a
 certificate authority of your own, you may want to make the requested
-certificate a self-signed one.  If you have created a certificate
-request as shown above, you can sign it using the 'openssl x509'
-command, for example like this (to create a self-signed CA
-certificate):
+certificate a self-signed one.  This is similar to creating a
+certificate request, but creates a certificate instead of a
+certificate request (1095 is 3 years):
 
-  openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
-	  -signkey privkey.pem -out cacert.pem -trustout
+  openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
 
 
 5. What to do with the certificate