To create the ca-crl.pem file in this directory, I used the following
OpenSSL command:

  # openssl ca -config ./etc/cert-tool.conf -revoke server-cert.pem \
    -cert ca-cert.pem -keyfile ca-cert.pem -crl_reason keyCompromise \
    -crldays 3650
  # openssl ca -gencrl -cert ca-cert.pem -keyfile ca-cert.pem \
    -out ca-crl.pem 

To create the .p12 (PKCS#12) file in this directory, I used the following
OpenSSL command:

  # openssl pkcs12 -export -in server-cert.cert.pem \
    -inkey server-cert.key.pem \
    -out server-cert.p12 \
    -name "ProFTPD PKCS12"

When prompted for a password, leave it blank (i.e. just hit enter).

To create the client-cert-localhost.pem file in this directory, I used:

  # cert-tool --days-valid=3650 --common-name=localhost --combined \
      --create-cert=client-cert-localhost \
      --signing-ca=ca-cert.pem --signing-key=ca-cert.pem

To create the password-protected server cert server-cert-passwd.pem in this
directory, I used:

  # cert-tool --days-valid=3650 --combined --key-cipher aes128 \
      --create-cert=server-cert-passwd \
      --signing-ca=ca-cert.pem --signing-key=ca-cert.pem

The passphrase is "password".
