Custom CA using OpenSSL

Generate a Private Key for the CA

openssl genrsa -out ca.key 2048

Create a Certificate Signing Request (CSR) for the CA

openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CZ/ST=CZ/L=Prague/O=My CA/OU=CA/CN=My CA"

Generate a Private Key for the Server

openssl genrsa -out server.key 2048

Create a CSR for the Server

openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=San Francisco/O=My Organization/OU=Server/CN=my.domain.com"

Sign the Server’s CSR with the CA

openssl ca -in server.csr -out server.crt -key ca.key -cert ca.crt -days 365