openssl genrsa -aes256 -out ca.key 4096
openssl req -key ca.key -new -x509 -days 7300 -sha256 -extensions v3_ca -out ca.crt
- Create server certificate and key:
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -CA ca.crt -CAkey ca.key -set_serial 1
- Create client certificate and key:
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -signkey client.key -out client.crt -CA ca.crt -CAkey ca.key -set_serial 1
openssl pkcs8 -topk8 -in server.key -nocrypt -inform PEM -outform PEM -out server.pk8