nohup openssl ocsp -index index.txt -CA root_ca_cert.pem -port 8880 -rkey private/ocsp_key.pem -rsigner ocsp_cert.pem -nmin 20 &
CAcert (www.cacert.org) is a non-profit CA that will sign your Certificate Requests (CSR) for free.
MODBOA's Command Line Guide to OpenSSL - http://www.madboa.com/geek/openssl
WARNING: If you make your certificates with keys longer than 1024 bits they will be fragmented. OpenSwan (as of 2.1.3) has a bug in dealing with that situation and you will be unable to establish a connection.
