#!/bin/bash # =========================================================== # Create a self signed certificate for the CA # =========================================================== # -config ... OpenSSL configuration file # -key ... private key # -new new request # -x509 output a self signed certificate instead # of a request # -days ... number of days a certificate generated # by -x509 is valid # -sha256 message digest to sign request # -extensions ... extension section in configuation file # -out ... output file # =========================================================== # for help: openssl req -help # =========================================================== openssl req -config ca_openssl.cnf \ -key ca/ca.key.pem \ -new -x509 -days 3650 -sha256 -extensions v3_ca \ -out ca/ca.cert.pem