OpenSSL Self-Signed Root CA

  1. Create private key for the CA
    openssl genrsa -out ca.key 4096

  2. Create public key for the CA
    openssl req -new -sha256 -x509 -days 3650 -key ca.key -out ca.crt

  3. Create the private key for the server
    openssl genrsa -out server.key 4096

  4. Certificate signing request
    openssl req -new -sha256 -key server.key -out server.csr

  5. Sign the server certificate with the CA (creates the public key)
    openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -out server.crt

  6. Delete your *.csr file(s)