openssl certs and keys

Creating the Certificate Authority's Certificate and Keys

Generate a private key for the CA on CA:

openssl genrsa -aes256 -out ca-private_key.pass.pem 4096

Generate the X509 certificate from the ca-private_key for the CA on CA:

openssl req -new -x509 -nodes -days 365000 \

-key ca-private_key.pass.pem \

-out ca-self_signed_x509.pem

Congratulations, you are now a CA with your own self signed cert

Creating system local key and cert request

Generate the private key on system01:

openssl genrsa -aes256 -out system01-private_key.pass.pem 4096

NOTE:  Might need to remove passphrase to make it work with a service account

Generate the certificate request on system01:

openssl req -new -key system01-private_key.pass.pem -out system01-CSR.pem

Fulfill a CSR for a x509 cert

Generate the X509 certificate for system01 from the CSR on the CA:

openssl x509 -req -days 365000 -set_serial 01 \

-in system01-CSR.pem \

-out system01-signed_x509.pem \

-CA ca-self_signed_x509.pem \

-CAkey ca-private_key.pass.pem

Congratulations, you are now equivalent to verisign

Remove passphrase from private keys

openssl rsa -in [original.pass.pem] -out [original.pen]