How to manage a little CA with openssl

# openssl genrsa -out ca.key 2048

or

# openssl gendsa -out ca.key 2048

# openssl req -new -config ca.req.cnf -out cacert.pkcs10 -keyfile ca.key

# openssl ca -config ca.selfsign.cnf -out cacert.pem -batch \
  -keyfile ca.key -selfsign -infiles cacert.pkcs10