One requirement not covered in this article, is the NSS database should already be initialized with a trusted CA certificate, and with a signed SSL certificate and its associated private key.
For history purpose, the 7.1 documentation link was this:
chapter 12.3. Using certutil
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.