CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase [...]]]> Launch this commands:

CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase and remember it! Without it the CA is completely useless. It asks also for information about the CA.

Now we create our CA, it asks for the passphrase:

openssl ca -out $CATOP/$CACERT $CADAYS -extensions v3_ca -days 36500 -keyfile $CATOP/private/$CAKEY -selfsign -infiles $CATOP/$CAREQ

Server certificate:

openssl req -new -nodes -keyout $CATOP/private/server_key.pem -out $CATOP/certs/server_req.pem

openssl ca -out $CATOP/certs/server_cert.pem -days 13000 -extensions server_cert -infiles $CATOP/certs/server_req.pem

client certificate:

openssl req -new -nodes -keyout $CATOP/private/client01_key.pem -out $CATOP/certs/client01_req.pem

openssl ca -out $CATOP/certs/client01_cert.pem -days 10000  -infiles $CATOP/certs/client01_req.pem

That’s all.