Create a “Root CA” certificate
1. Generate a key file for “Root CA”
openssl genrsa –aes256 -out ca/private/ca.key 4096
2. Change the permission of ca.key
chmod 400 ca/private/ca.key
3. Check the content of ca.key
openssl rsa -noout -text -in ca/private/ca.key
4. Generate a certificate file for “Root CA”
openssl req -config ca/ca.conf -key ca/private/ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca/certs/ca.crt
5. Change the permission of ca.crt
chmod 444 ca/certs/ca.crt
6. Check the contents of ca.crt
openssl x509 -noout -text -in ca/certs/ca.crt
See also:
OpenSSL (3) - Server Certificate