Step 1: Create the root certificate authority

Create the root certificate authority serial file:
```
$ echo 01 > MyCompanyCA.srl
```
Create the Root Authority's Certificate Signing Request and private key:
```
$ openssl req -new -out MyCompanyCA.csr -keyout MyCompanyCA.pem
```

Create the Root Certificate Authority for a period of validity of 2 years:

$ openssl x509 -trustout -in MyCompanyCA.csr -out MyCompanyCA.crt
 -req -signkey MyCompanyCA.pem -days 730

Note: The private key file (MyCompanyCA.pem) of a RootCertificate Authority must be handled with care. This file is responsible for the validity of all other certificates it has signed. As a result, it must not be accessible by other users.