L'Antre du Tryphon

In order to create your own certificates, you need a CA (certificate authority) certificate. This certificate will be used to sign every certificate you will create. To do so, execute the following command. This post assumes that “OpenSSL initial configuration” has been done previously.

• Logon with the user ca
• Go in its home directory and issue the command

openssl req -new -x509 -keyout private/cakey.pem -out 
                            certs/cacert.pem -days 3650

It is a good practice to put the private key on a removable media and load it only when signing new certificates. Do not loose it. It is the most important piece of data related to your certificates.