(when asked, don't enter anything under the "extra" attributes section). This makes a "newreq.pem" file. Note the "nodes" option - this makes the private key unencrypted. Highly insecure, if we were going to use this for an actual cert, but ok in our case.
Next we "sign" the request...
>ssleay ca -policy policy_anything -out newcert.pem -infiles newreq.pem
and paste it after the provate key in the "proxcert.pem" file.
That should be all you need, but I've found it takes quite a bit of trial and error to get it working. Browsers are sensitive to some values and won't accept a certificate in some cases. For example, I've never been able to make one last more than 365 days.
Anyway, hope that's of some use to someone out there. :-)
Great work sidki and JakBeNymble...BUT...what is the point in filtering secure sites??? I've hardly seen ANY secure sites except from, login to hotmail [lasts 2 secs] & login to yahoo [no ads]... Anyway, why would a secure site have ads?