Keytool used to generate version 1 self-signed certificates.  Now it is
mandatory to be version 3.  Default version 3 should be OK.  However, in
some circumstances (for example for testing purpose), version 1
self-signed certificate may still be useful.

It would be a low priority, but may be nice to add an option to support
specified certificate version number for certificate generation.