Reference: http://www.mad-hacking.net/documentation/linux/security/ssl-tls/creating-ca.xml
This directory structure is needed on the Certificate Authority machine:
mkdir -p private
mkdir -p demoCA/newcerts
touch demoCA/index.txt
[ -f demoCA/serial ] || echo 01 >> demoCA/serial
Create the CA private key and self-signed certificate. This is done once:
openssl req -config /etc/ssl/openssl.cnf -newkey rsa:2048 -keyout private/cacert.key -out cacert.pem -x509 -days 3650 -extensions v3_ca
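Create a private key and a certificate signing request (CSR). This can be done on the host machine. Replace the string test with your chosen name. Because of -nodes the private key is written unencrypted, so keep private/test.key readable only by its owner: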
openssl req -config /etc/ssl/openssl.cnf -newkey rsa:2048 -nodes -keyout private/test.key -out test.csr
Copy the "test.csr" file to the Certificate Authority machine and run this:
openssl ca -config /etc/ssl/openssl.cnf -in test.csr -out test.pem -keyfile private/cacert.key -cert cacert.pem -policy policy_anything -days 365
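The whole procedure above, run non-interactively in a scratch directory and checked with openssl verify. This is an added example, not taken from the referenced page. It assumes a minimal constructed config (ca.cnf) in place of /etc/ssl/openssl.cnf, constructed subject names and a demo passphrase; -subj, -passout, -passin and -batch are added only to suppress the prompts.

```shell
#!/bin/sh
# Added example: the page's CA procedure, end to end, in a throwaway directory.
# ca.cnf, the subject names and the passphrase are constructed for this demo.
ca_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    trap 'rm -rf "$d"' EXIT
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
unique_subject = no
[ policy_anything ]
countryName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    pass=pass:demo-only-passphrase   # constructed; encrypts the CA key
    mkdir -p private demoCA/newcerts && touch demoCA/index.txt &&
    echo 01 > demoCA/serial &&
    # CA key and self-signed certificate (done once)
    openssl req -config ca.cnf -newkey rsa:2048 -keyout private/cacert.key \
        -out cacert.pem -x509 -days 3650 -extensions v3_ca \
        -subj "/CN=Demo Root CA" -passout "$pass" >/dev/null 2>&1 &&
    # Host key and CSR
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout private/test.key \
        -out test.csr -subj "/CN=test.example" >/dev/null 2>&1 &&
    # CA signs the CSR
    openssl ca -config ca.cnf -in test.csr -out test.pem \
        -keyfile private/cacert.key -cert cacert.pem -policy policy_anything \
        -days 365 -batch -passin "$pass" >/dev/null 2>&1 &&
    # Checks: the CA recorded the issuance and the certificate chains to it
    [ -f demoCA/newcerts/01.pem ] && [ "$(cat demoCA/serial)" = 02 ] &&
    openssl verify -CAfile cacert.pem test.pem
)
ca_demo
```

After a successful run the serial file has advanced to 02 and a copy of the issued certificate sits in demoCA/newcerts/01.pem, which is the CA's own record of what it signed.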