Generate root CA key and certificate
Before you begin
If your company has a root certificate authority (CA) certificate available already, and if the root CA certificate has already been imported into your browser, you can skip this procedure and the next section and go straight to Generate RBA server key and certificate request.Log in to the system that you want to use for certificate management. If you intend to use the internal certificate authority (CA) for more than just testing purposes, make sure to establish proper security measurements. Ideally, the system used should have no internet access and possibly not even any network access.
Create the root CA directory:
mkdir -p /root/internalca cd /root/internalca
Generate the private key of the root CA:
openssl genrsa -out rootCAKey.pem 2048
Generate the self-signed root CA certificate:
In this example, the validity period is 3650 days. Set the appropriate number of days for your company. Make a reminder to renew the certificate before it expires.
openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out rootCACert.pem
Review the certificate:
openssl x509 -in rootCACert.pem -text