Create a certificate

This procedure allows you to create a certificate.

  1. Create the certificate serial file:
    $ echo 01 > MyCA.srl
  2. Create a CSR (Certificate Signing Request):
    $ openssl req -new -out MyCert.csr
    This command creates a privkey.pem file containing the RSA private key of that certificate and protected by a password.
  3. Remove the private key password (Optional):
    $ openssl rsa -in privkey.pem -out MyCert.pem
  4. Create a certificate from the Certificate Signing Request and trusted by the Certificate Authority:
    $ openssl x509 -in MyCert.csr -out MyCert.crt -req -signkey MyCert.pem
     -CA MyCA.crt -CAkey MyCA.pem -days 365
    Note: If you want an official Certificate, you must send the CSR file to one of the self-established Certificate Authority companies on the Internet (instead of creating it with openssl).