Create a root certificate authority

This procedure allows you to create a root certificate authority.

In this task you use the openssl command tool to create the root certificate authority.

Create the root certificate authority serial file:
```
$ echo 01 > MyRootCA.srl
```
This command creates a serial file with an initial HEX value 01. OpenSSL uses this file to track the serial numbers of certificates it creates. The serial file is typically given the same name as the CA with the extension .srl.
Create a CSR (Certificate Signing Request):
```
$ openssl req -new -out MyRootCA.csr
```
This creates a privkey.pem file containing the RSA private key of that certificate that is protected by a password.
Remove the password of the private key (Optional):
```
$ openssl rsa -in privkey.pem -out MyRootCA.pem
```
Note: Removing the password of a certificate authority's private key is not recommended.
Create a self-signed certificate from the Certificate Signing Request for a validity period of 365 days:
```
$ openssl x509 -trustout -in MyRootCA.csr -out MyRootCA.crt
 -req -signkey MyRootCA.pem -days 365
```
Note: If you want an official Root Certificate Authority, you must send the CSR file to one of the self-established Certificate Authority companies on the Internet (instead of creating it with openssl).