How to manage a little CA with openssl
Initialization
Generate the CA private key
# openssl genrsa -out ca.key 2048
or
# openssl gendsa -out ca.key 2048
Generate the initial CSR
# openssl req -new -config ca.req.cnf -out cacert.pkcs10 -keyfile ca.key
Selfsign the CSR and initialize CA stuff
# openssl ca -config ca.selfsign.cnf -out cacert.pem -batch \ -keyfile ca.key -selfsign -infiles cacert.pkcs10
