i’m not sure if it’s equivalent. but in the meantime i have cobbled up a series of commands from various forums to do the whole process, and i came up with the following openssl commands.

openssl genrsa -out servorootCA.key 4096

openssl req -x509 -new -nodes -key servorootCA.key -sha256 -days 3650 -out servorootCA.pem

openssl genrsa -out star.servo.internal.key 4096

openssl req -new -key star.servo.internal.key -out star.servo.internal.csr

openssl x509 -req -in star.servo.internal.csr -CA servorootCA.pem -CAkey servorootCA.key -CAcreateserial -out star.servo.internal.crt -days 3650 -sha256 -extfile openssl.cnf -extensions v3_req

with only the crt and key files on the server, while the rest is on a usb stick for keeping them out of the way.

hopefully it’s the same. though i’ll still go through the book out of curiosity… and come to think of it. i do also need to setup calibre :-).

thanks for everything. i’ll have to update the post with the full solution after i’m done, since it turned out to be a lot more messy than anticipated…