This procedure allows you to create a certificate.
- Create the certificate serial file:
$ echo 01 > MyCA.srl
- Create a CSR (Certificate Signing Request):
$ openssl req -new -out MyCert.csr
This command creates a
privkey.pem file containing the RSA private key of that certificate and protected by a
password.
- Remove the private key password (Optional):
$ openssl rsa -in privkey.pem -out MyCert.pem
- Create a certificate from the Certificate Signing Request and trusted by the Certificate Authority:
$ openssl x509 -in MyCert.csr -out MyCert.crt -req -signkey MyCert.pem
-CA MyCA.crt -CAkey MyCA.pem -days 365
Note: If you want an official Certificate, you must send the CSR file to one of the self-established Certificate Authority companies on the Internet (instead of creating it with openssl).