ca-sign: Add instructions for generating CA key and cert to header.

diff --git a/ca-sign b/ca-sign
index a5992bf..a587cc0 100755 (executable)
--- a/ca-sign
+++ b/ca-sign
@@ -7,6 +7,12 @@
 # Run this on deleuze as an admin.
 #
 # Usage: ca-sign days request.csr key.asc outfile.pem [domain]
+#
+# If we need to generate a new CA private key and cert, do:
+#
+# $ openssl genrsa -out private/ca.key 2048 -nodes
+# $ openssl req -config openssl.cnf -x509 -sha1 -days 3650 \
+#   -key private/ca.key -new -out ca.crt
 
 if test -n "$6" || test -z "$4"; then
     echo "Incorrect arguments."