- Prepare a directory for the root CA, where the private key of the root certificate is stored.
mkdir rootCA
mkdir rootCA/{certs,db,private}
chmod 700 rootCA/private
touch rootCA/db/db
touch rootCA/db/db.attr-
Create a root-csr.conf configuration file. Example is in /materials/root/root-csr.conf
-
Run the following command to create a new root key and a self-signed root certificate:
openssl req -x509 -sha256 -days 3650 -newkey rsa:3072 \
-config root-csr.conf -keyout rootCA/private/rootCA.key \
-out rootCA/rootCA.crt- Run the following command to check what information the created certificate contains:
openssl x509 -in rootCA/rootCA.crt -text -noout