Just run "./certmakter.sh" and follow the instructions.
The certificates are generated in a dir and contain:
server.csr - certficiate signing request
server.crt - self-signed certificate (to be replaced)
server.key - private key
unitrier-ca-chain.pem - uni trier chain
Then submit the server.csr to https://pki.pca.dfn.de/rhrk-ca/uni-trier. Get approval from the local DFN PKI person.
Wait for the cert-$nr.pem mail from [email protected].
Import the cert-$nr.pem cert:
$ ./import-dfn-pem.sh cert-<nr>.pem <servername-dir>
And then scp the directory with the certificates to the server and deploy them.
There is also some useful stuff in the tools/ directory, check tools/README.md for more info.