Following steps are involved.

  • Create Certificate Authority (CA)
  • Create private-public key pair
  • Generate certificate signing request (CSR)
  • Create new certificate signed by the CA

Create Certificate Authority

Following command generate the CA key

openssl genrsa -out ca.key 4096

Create self-signed  certificate authority (CA)

openssl req -new- x509 -days 365 -key ca.key -out ca.crt

Create Server Certificate

openssl genrsa -out server.key 1024

Create Certificate Signing Request

openssl req -new -key server.key -out server.csr

Sign the CSR using the CA certificate

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAKey ca.key -set_serial 01 -out server.crt