====== Create Service Certificate ======
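# openssl.cnf - minimal configuration for `openssl ca`, passed with -config.
# '#' starts a comment and $dir expands to the `dir` value of the same section.

[ ca ]
# Section that `openssl ca` reads when no -name option is given
default_ca = CA_default

[ CA_default ]
# Working directory of the CA. ca.key signs every certificate this CA issues,
# so keep this directory accessible to the CA operator only.
dir = ./myCA
# Text index of issued certificates; must exist (may be empty) before first use
database = $dir/myCAindex
# Directory where a copy of each issued certificate is stored; must exist
new_certs_dir = $dir/newcerts
# File holding the next serial number in hex. `openssl ca` documents this
# setting as mandatory. The path is a sample value: create the file with an
# initial serial, or pass -create_serial on the first signing run.
serial = $dir/serial
# The CA certificate
certificate = $dir/ca.crt
# The CA private key
private_key = $dir/ca.key
# Digest used to sign issued certificates
default_md = sha256
# Validity of issued certificates in days; `openssl ca` refuses to sign
# without this unless -days or -enddate is given. 365 is a sample value.
default_days = 365
# no  = subject fields are ordered as in the policy section below
# yes = keep the field order of the request (same as -preserveDN)
preserve = no
# Policy section applied to the subject of every request
policy = policy_any
# NOTE(review): neither x509_extensions nor copy_extensions is set, so
# extensions requested in the CSR (including subjectAltName) are not copied
# into the certificate, and current TLS clients validate host names against
# subjectAltName. If copy_extensions is enabled, inspect every CSR first:
# a request may carry basicConstraints CA:TRUE.

[ policy_any ]
# Only commonName is enforced; every other listed field may be absent.
# Subject fields not listed here are dropped from the certificate (preserve = no).
# This policy does not tie requests to any organisation, so review each CSR
# before signing it.
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = required
emailAddress = optional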
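# Generate a 2048-bit RSA private key. No cipher option is given, so the key is
# written unencrypted; the umask in the subshell keeps the file owner-only.
( umask 077 && openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048 )
# Create a certificate signing request (CSR) for that key; prompts for the subject
openssl req -new -key server.key -out server.csr
# Inspect the CSR and check its self-signature before the CA signs it
openssl req -in server.csr -noout -text -verify
# Sign the CSR with the CA described in openssl.cnf. The config must supply
# `serial` and a validity period (`default_days`); the period can also be
# given here with -days.
openssl ca -in server.csr -out server.crt -config openssl.cnf
# Display the issued certificate: check subject, validity dates and extensions
openssl x509 -in server.crt -text -noout
# Confirm the certificate verifies against the CA certificate named in openssl.cnf
openssl verify -CAfile ./myCA/ca.crt server.crt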