Creating a ca’s self signed certificate
In order to create your own certificates, you need a CA (certificate authority) certificate. This certificate will be used to sign every certificate you will create. To do so, execute the following command. This post assumes that “OpenSSL initial configuration” has been done previously.
- Logon with the user ca
- Go in its home directory and issue the command
openssl req -new -x509 -keyout private/cakey.pem -out certs/cacert.pem -days 3650
It is a good practice to put the private key on a removable media and load it only when signing new certificates. Do not loose it. It is the most important piece of data related to your certificates.