Step 1: Create the root certificate authority
- Create the root certificate authority serial file:
  $ echo 01 > MyCompanyCA.srl
- Create the Root Authority's Certificate Signing Request and private key:
  $ openssl req -new -out MyCompanyCA.csr -keyout MyCompanyCA.pem
- Create the Root Certificate Authority for a period of validity of 2 years:
  $ openssl x509 -trustout -in MyCompanyCA.csr -out MyCompanyCA.crt -req -signkey MyCompanyCA.pem -days 730
Important: The private key file (MyCompanyCA.pem) of a Root Certificate Authority must be handled with care. The validity of every certificate it has signed depends on this file, so it must not be accessible to other users.
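The three commands of Step 1 run without prompts and then checked, as an added example that is not part of the original procedure. The function names, the -subj value and the CA_KEY_PASS environment variable (which holds the private key passphrase) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: Step 1 without prompts, followed by checks on the result.
# Assumed here (not in the original page): the function names, the -subj
# value, and CA_KEY_PASS, an environment variable holding the key passphrase.

make_root_ca() {
    dir=$1
    (
        umask 077    # files created below are readable by their owner only
        mkdir -p "$dir" && cd "$dir" || exit 1
        echo 01 > MyCompanyCA.srl
        openssl req -new -out MyCompanyCA.csr -keyout MyCompanyCA.pem \
            -subj "/O=MyCompany/CN=MyCompany Root CA" \
            -passout env:CA_KEY_PASS 2>/dev/null || exit 1
        openssl x509 -trustout -in MyCompanyCA.csr -out MyCompanyCA.crt \
            -req -signkey MyCompanyCA.pem -days 730 \
            -passin env:CA_KEY_PASS 2>/dev/null || exit 1
        chmod 600 MyCompanyCA.pem
    )
}

check_root_ca() {
    key=$1/MyCompanyCA.pem
    crt=$1/MyCompanyCA.crt
    # 1. The key is encrypted on disk and has no group/other permission bits.
    grep -q 'ENCRYPTED' "$key" || return 1
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || return 1
    # 2. Self-signed root: subject and issuer are the same name.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] || return 1
    # 3. The certificate carries the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -passin env:CA_KEY_PASS -pubout) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    # 4. Validity matches -days 730: still valid in 729 days, expired by 731.
    openssl x509 -in "$crt" -noout -checkend $((729 * 86400)) >/dev/null || return 1
    ! openssl x509 -in "$crt" -noout -checkend $((731 * 86400)) >/dev/null
}

# Usage: export CA_KEY_PASS, then: make_root_ca ./ca && check_root_ca ./ca
```

check_root_ca returns non-zero as soon as one check fails, so it can be rerun later to confirm that the key file permissions have not been loosened.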
In the next step, Step 2: Create the server's certificate and private key, we create the server's certificate and private key.