1) make sure openssl and CA.pl are in your path (this is important,
   CA.pl appears to work but dosen't if openssl isn't in your path).

2) In an empty directory

3) create a certificate authority:

     CA.pl -newca

   Organization Name = AMP
   Organizational Unit Name = CA
   Common Name = your name
   (remember the passphrase)

4) Make private keys for the client and the server:
   Don't set passphrases on these keys!

     openssl genrsa -out client-privkey.pem 2048
     openssl genrsa -out server-privkey.pem 2048

5) Create certificate requests for the client and the server:
     
     openssl req -new -key client-privkey.pem -out client-cert.csr

   Organization Name = AMP
   Organizational Unit Name = client
   Common Name = your name
   
     openssl req -new -key server-privkey.pem -out server-cert.csr

   Organization Name = AMP
   Organizational Unit Name = server
   Common Name = your name
   

6) Sign the requests
    openssl ca -in client-cert.csr -out client-cert.pem
    openssl ca -in server-cert.csr -out server-cert.pem


7) Install the certs and keys in AMPLET_HOME/etc (normally ~measure/etc)

   On the server:

    cp  server-cert.pem demoCA/cacert.pem server-privkey.pem ~measure/etc

   On the client

    cp  client-cert.pem demoCA/cacert.pem client-privkey.pem ~measure/etc
  

   NOTE: The tests use the same machine as server and client.  In this
         case both sets of file are installed on the same machine.  Do
         not install the server key on the clinet machines because
         that would allow and compromised client to execute any
         command on any other client through the xfer server command
         interface.