openssl genrsa -out master.key 1024

openssl req -new -key master.key -out web-client.csr

openssl x509 -req -in web-client.csr -signkey master.key -out web-client.crt

# Servers don't need the private master to authenticate certs
# requests are authenticated via the public key, private key is kept secret
openssl rsa -in master.key -pubout > master.pub