Creating a Certificate Authority

How to create a CA and generate the key

About this task

If you do not have a corporate CA, you can use the following sample steps to create one and generate the key. Modify the data to match your environment. Use the openssl command located in the installation directory, as follows:


  1. Browse to the following path:
    On Windows operating systems
    On UNIX operating systems
  2. ./openssl genrsa -out ca.key 2048
  3. ./openssl req -x509 -new -nodes -key ca.key -subj "/CN=WA_ROOT_CA" -days 3650 -out ca.crt -config ./openssl.cnf
    The ca.key file must remain secret. The ca.crt file is involved in the procedure.
  4. ./openssl genrsa -des3 -out tls.key 2048
  5. ./openssl req -new -key tls.key -out tls.csr -config ./openssl.cnf
  6. ./openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt
  7. Retrieve the tls.crt and tls.key.
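
The following script is an added example, not part of the product documentation: it confirms that the retrieved tls.crt chains to ca.crt, that tls.key opens with its pass phrase and matches the certificate, and that the certificate is not about to expire. Assumptions: a system openssl on the PATH with its default configuration instead of ./openssl and ./openssl.cnf, hypothetical function names, and a constructed subject and pass phrase for the sample run.

```shell
#!/bin/sh
# Added example; not part of the product documentation.

# check_tls_pair CA_CERT TLS_CERT TLS_KEY PASSIN
# PASSIN is an openssl pass phrase source such as pass:... or file:...
# Returns 0 only when every check passes.
check_tls_pair() {
    ca_crt=$1 tls_crt=$2 tls_key=$3 passin=$4
    # tls.crt must chain to ca.crt
    openssl verify -CAfile "$ca_crt" "$tls_crt" >/dev/null 2>&1 || {
        echo "FAIL: $tls_crt does not verify against $ca_crt" >&2; return 1; }
    # tls.key must open with the pass phrase and match the certificate
    key_pub=$(openssl pkey -in "$tls_key" -passin "$passin" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read $tls_key (wrong pass phrase?)" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$tls_crt" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || {
        echo "FAIL: $tls_key does not belong to $tls_crt" >&2; return 1; }
    # step 6 passes no -days, so openssl x509 applies its 30-day default
    openssl x509 -in "$tls_crt" -noout -checkend 604800 >/dev/null || {
        echo "FAIL: $tls_crt expires within 7 days" >&2; return 1; }
    echo "OK: $(openssl x509 -in "$tls_crt" -noout -subject -enddate | tr '\n' ' ')"
}

# build_sample DIR: runs steps 2 to 6 in DIR without prompts.
# Constructed values: /CN=sample.example.test and the pass phrase.
build_sample() {
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -nodes -key ca.key -subj "/CN=WA_ROOT_CA" \
          -days 3650 -out ca.crt &&
      openssl genrsa -des3 -passout pass:constructed-pass -out tls.key 2048 &&
      openssl req -new -key tls.key -passin pass:constructed-pass \
          -subj "/CN=sample.example.test" -out tls.csr &&
      openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out tls.crt
    ) >/dev/null 2>&1
}

# Sample run in a throwaway directory.
run_demo() {
    dir=$(mktemp -d) || return 1
    build_sample "$dir" &&
        check_tls_pair "$dir/ca.crt" "$dir/tls.crt" "$dir/tls.key" pass:constructed-pass
    rc=$?
    rm -rf "$dir"
    return $rc
}
run_demo
```

Against real output from the steps above, call check_tls_pair with the paths to ca.crt, tls.crt and tls.key and a pass phrase source such as file:PATH, so the pass phrase does not appear on the command line.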