======How to manage a little CA with openssl======

===== Initialization ======

==== Generate the CA private key ====

<code>
# openssl genrsa -out ca.key 2048
</code>

or 

<code>
# openssl gendsa -out ca.key 2048
</code>

==== Generate the initial CSR ====

<code>
# openssl req -new -config ca.req.cnf -out cacert.pkcs10 -keyfile ca.key
</code>

==== Selfsign the CSR and initialize CA stuff ====

<code>
# openssl ca -config ca.selfsign.cnf -out cacert.pem -batch \
  -keyfile ca.key -selfsign -infiles cacert.pkcs10
</code>


=====Create a new CSR (Certificate Signing Request) PKCS10=====