1. Create a new Certificate Authority -- CA.pl does this, but it's a one-time operation. See Securing Communications with SSL/TLS: Using CA.pl if you are interested in the details.
CA.pl
up