I'm sure most of you have no clue how to make your own certificates, so I'll just steal a few lines from the OpenSSL documentation and give you the steps. If you have an existing key you would like to use, skip down to the end.

  1. openssl genrsa -out server.key 2048
    Replace "server" with the very first part of your computer's hostname. For example, for tesla.resnet.mtu.edu I would type tesla.
  2. openssl req -new -key server.key -out server.csr
    This generates a certificate signing request. What you fill in for the questions is mostly irrelevant although you should answer truthfully. The standard practice is to use your hostname for the "Common Name" field.
  3. Send your CSR to me so that I can sign it with my CA key.
  4. You are done. server.key is your private key; keep it to yourself. server.crt is the signed certificate, which carries your public key; that is the part you give out.

You can use an existing SSL certificate you have, but the private key cannot have a passphrase if you are using Racoon. To remove the passphrase from the key, type:
    openssl rsa -in server.key -out server.key.unsecure
The resulting server.key.unsecure is stored unencrypted, so restrict its file permissions.


Note to self: CA signature command is openssl x509 -req -days 365 -CAkey ca.key -CA ca.crt -in server.csr -out server.crt
Or possibly openssl ca -in server.csr -out server.crt
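
The whole flow above (steps 1 to 3, the CA signature command from the note, and the passphrase condition that matters for Racoon), as an added example that is not part of the original page. It assumes a throwaway CA in a temporary directory in place of the real ca.key and ca.crt, -subj in place of the interactive questions, -CAcreateserial so the first signing has a serial file, and function names made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. A throwaway CA stands in for the
# signer's ca.key/ca.crt; function names and the "Demo CA" subject are made up.

# Steps 1-3 for host $1 inside directory $2 (-subj replaces the questions).
issue_cert() (
    cd "$2" && umask 077 &&
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key ca.key -subj "/CN=Demo CA" -out ca.crt &&
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -new -key "$1.key" -subj "/CN=$1" -out "$1.csr" &&
    # -CAcreateserial is an addition: it creates ca.srl on the first signing.
    openssl x509 -req -days 365 -CAkey ca.key -CA ca.crt -CAcreateserial \
        -in "$1.csr" -out "$1.crt" 2>/dev/null
)

# True when certificate $2 carries the same RSA modulus as private key $1.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) &&
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when certificate $2 verifies against CA certificate $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True when PEM key $1 is passphrase-protected (the form Racoon cannot use).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Demo run in a scratch directory that is removed afterwards.
work=$(mktemp -d) && issue_cert tesla "$work" &&
    key_matches_cert "$work/tesla.key" "$work/tesla.crt" &&
    signed_by "$work/ca.crt" "$work/tesla.crt" &&
    ! key_is_encrypted "$work/tesla.key" &&
    echo "tesla.crt matches tesla.key, verifies against ca.crt, key is unencrypted"
rm -rf "$work"
```

Running key_matches_cert and signed_by on a certificate that comes back from the signer catches a mismatched or wrongly signed file before it goes into the Racoon configuration.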