I think I can use openssl to generate those self signed files, correct? I saw some programs use 4 use_certificate_chain_file, use_certificate_file, use_private_key_file and use_tmp_dh_file in both server and client sites, but I also saw some test program only use one ca.pem in client site and 3 use_certificate_chain_file, use_private_key_file and use_tmp_dh_file in server site, which is correct or better? Any guideline?