> How can one acutaly implement this with self-signed keys with > OpenSSL/Apache (read as: I've read the theory, show me the commands)? :) Try this link, someone on PLUG pointed me there and it helped me then: http://www.natecarlson.com/include/showpage.php?cat=linux&page=ipsec-x509#gencert Regards