How to manage a little CA with openssl

Initialization

Generate the CA private key

# openssl genrsa -out ca.key 2048

or

# openssl gendsa -out ca.key 2048

Generate the initial CSR

# openssl req -new -config ca.req.cnf -out cacert.pkcs10 -keyfile ca.key

Selfsign the CSR and initialize CA stuff

# openssl ca -config ca.selfsign.cnf -out cacert.pem -batch \
  -keyfile ca.key -selfsign -infiles cacert.pkcs10

Create a new CSR (Certificate Signing Request) PKCS10