Create a certificate

This procedure allows you to create a certificate.

In this procedure you use the openssl tool to perform the certificate creation tasks.

  1. Create a Certificate Signing Request (CSR):
    $ openssl req -new -out MyCert.csr
    Follow the prompts to create the CSR. This command also creates a privkey.pem file containing the RSA private key for the CSR, protected by a password that you provide.
  2. Remove the private key password (Optional):
    $ openssl rsa -in privkey.pem -out MyCert.pem

    The unprotected private key is output in MyCert.pem.

  3. Create a certificate from the CSR, signed by the Certificate Authority:
    $ openssl x509 -in MyCert.csr -out MyCert.crt -req \
     -CA MyCA.crt -CAkey MyCA.pem -days 365

    About the CSR and its private key:
    • If you want a certificate from an official Certificate Authority, you must send the CSR file to one of the established Certificate Authority companies on the Internet (instead of creating the certificate with openssl). See Encryption and authentication.
    • The public key in the CSR file is also used to encrypt messages that only its corresponding private key can decrypt.
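
The three steps above, run non-interactively and followed by the checks worth making on the result (the certificate chains to the CA, and the certificate, CSR and private key all carry the same public key). This is an added example, not part of the original procedure. It assumes a throwaway CA created on the spot, constructed subject names and password, and adds -CAcreateserial so the CA serial file is created on first use.

```shell
#!/bin/sh
# Added example, not from the original page. Subjects and password are constructed.

# Hash of the public key carried by a certificate, CSR or private key.
pubkey_hash() {  # $1 = x509|req|pkey, $2 = file
    case "$1" in
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        pkey) openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null | openssl dgst -sha256
}

# Run steps 1-3 inside directory $1 (subshell body, so the caller's cwd is kept).
make_cert() (
    cd "$1" || exit 1
    # Assumption: a throwaway CA stands in for the MyCA.crt / MyCA.pem the page expects.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout MyCA.pem -out MyCA.crt \
        -subj "/CN=Constructed Test CA" -days 30 2>/dev/null || exit 1
    # Step 1: CSR plus password-protected private key.
    openssl req -new -newkey rsa:2048 -keyout privkey.pem \
        -passout pass:constructed -subj "/CN=host.example.test" \
        -out MyCert.csr 2>/dev/null || exit 1
    # Step 2 (optional on the page): write the key without its password.
    openssl rsa -in privkey.pem -passin pass:constructed \
        -out MyCert.pem 2>/dev/null || exit 1
    chmod 600 MyCert.pem   # the unprotected key must not be readable by others
    # Step 3: the CA signs the CSR; -CAcreateserial creates the serial file.
    openssl x509 -req -in MyCert.csr -CA MyCA.crt -CAkey MyCA.pem \
        -CAcreateserial -days 365 -out MyCert.crt 2>/dev/null
)

# Return 0 only if MyCert.crt chains to MyCA.crt and matches the CSR and key.
check_cert() (
    cd "$1" || exit 1
    openssl verify -CAfile MyCA.crt MyCert.crt >/dev/null 2>&1 || exit 1
    c=$(pubkey_hash x509 MyCert.crt)
    [ "$c" = "$(pubkey_hash req MyCert.csr)" ] &&
        [ "$c" = "$(pubkey_hash pkey MyCert.pem)" ]
)

# Usage: d=$(mktemp -d) && make_cert "$d" && check_cert "$d" && echo "certificate OK"
```

The same `check_cert` comparison catches a certificate installed next to the wrong private key, a common cause of TLS start-up failures.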