Client-side SSL
For excessively paranoid client authentication.
Using self-signed certificate.
Create a Certificate Authority root (which represents this server)
Organization & Common Name: Some human identifier for this server CA.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt