This procedure allows you to create a certificate authority.
- Create a CSR (certificate signing request):
$ openssl req -new -out MyCA.csr
This creates a privkey.pem file containing to the RSA private key of that certificate and protected by a password.
- Remove the private key password (Optional):
$ openssl rsa -in privkey.pem -out MyCA.pem
Note: Removing the password of a certificate authority's private key is not recommended.
- Create a certificate from the Certificate Signing Request and trusted by the Root Certificate Authority:
$ openssl x509 -in MyCA.csr -out MyCA.crt -req -signkey MyCA.pem
-CA MyRootCA.crt -CAkey MyRootCA.pem -days 365
Note: If you want an official Certificate Authority, you must send the CSR file to one of the self-established Certificate Authority companies on the Internet (instead of creating it with openssl).