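# Create the private key of the example CA.
# The key is written through a shell redirect, so the file mode comes from the
# caller's umask; with a common umask of 022 the CA key would be readable by
# every local user. Create it under umask 077 in a subshell so the tighter
# umask does not leak into the rest of the script.
( umask 077; certtool --generate-privkey > cakey.pem )
# umask only affects newly created files: if cakey.pem already existed, the
# redirect kept its old mode, so tighten it explicitly as well.
chmod 600 cakey.pem

# Template for the self-signed CA certificate: 'ca' marks it as a CA and
# 'cert_signing_key' allows it to sign other certificates.
cat > ca.tmpl <<'EOF'
cn = exampleCA
ca
cert_signing_key
expiration_days = 732
EOF

# Self-sign the CA certificate with the key generated above.
# NOTE(review): cakey.pem is stored unencrypted in the working directory and
# can sign certificates for any name; keep it off the hosts that only need
# cacert.pem.
certtool --generate-self-signed --load-privkey cakey.pem \
  --template ca.tmpl --outfile cacert.pem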

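# Issue one key pair and one CA-signed certificate per host.
# Produces <host>-key.pem (private key) and <host>.pem (certificate);
# server.tmpl is rewritten on every iteration.
for i in host1.example.org host2.example.org host3.example.org
do
  # A redirect creates the key file with the caller's umask, which would
  # usually leave it world-readable. Generate it under umask 077 in a
  # subshell, then chmod in case the file already existed with a looser mode.
  ( umask 077; certtool --generate-privkey > "${i}-key.pem" )
  chmod 600 "${i}-key.pem"

  # Certificate template: the host name is used both as the CN and as the
  # dns_name subject alternative name.
  # 'tls_www_server' was commented out in the original and is left disabled.
  printf '%s\n' \
    'organization = Example' \
    'unit = Messaging' \
    "cn = $i" \
    'email = postmaster@example.org' \
    'expiration_days = 366' \
    'encryption_key' \
    'signing_key' \
    "dns_name = $i" > server.tmpl

  # Sign the host certificate with the CA key and certificate, which must
  # already exist in the working directory.
  certtool --generate-certificate --load-privkey "${i}-key.pem" \
    --load-ca-certificate cacert.pem --load-ca-privkey cakey.pem \
    --template server.tmpl --outfile "${i}.pem"
done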