--- ssl-cert.eclass	2010-01-06 23:16:14.821528796 +0000
+++ /usr/portage/eclass/ssl-cert.eclass	2010-01-06 23:17:59.226528971 +0000
@@ -60,7 +60,7 @@
 		L                  = ${SSL_LOCALITY}
 		O                  = ${SSL_ORGANIZATION}
 		OU                 = ${SSL_UNIT}
-		CN                 = ${SSL_COMMONNAME}
+		CN                 = ${SSL_COMMONNAME}${1:+ CA}
 		emailAddress       = ${SSL_EMAIL}
 	EOF
 	eend $?
@@ -130,9 +130,9 @@
 	local base=`get_base $1`
 	if [ "${1}" ] ; then
 		ebegin "Generating self-signed X.509 Certificate for CA"
-		/usr/bin/openssl x509 -extfile "${SSL_CONF}" \
-			-days ${SSL_DAYS} -req -signkey "${base}.key" \
-			-in "${base}.csr" -out "${base}.crt" &>/dev/null
+		/usr/bin/openssl req -new -x509 -config "${SSL_CONF}" \
+			-days ${SSL_DAYS} -key "${base}.key" \
+			-out "${base}.crt" &>/dev/null
 	else
 		local ca=`get_base 1`
 		ebegin "Generating authority-signed X.509 Certificate"
@@ -191,16 +191,16 @@
 			return 1 ;;
 	esac
 
-	# Initialize configuration
-	gen_cnf || return 1
-	echo
-
 	# Generate a CA environment
+	gen_cnf 1 || return 1
 	gen_key 1 || return 1
-	gen_csr 1 || return 1
 	gen_crt 1 || return 1
 	echo
 
+	# Regenerate config
+	gen_cnf || return 1
+	echo
+
 	local count=0
 	for cert in "$@" ; do
 		# Check the requested certificate