@rms1000watt
Last active April 25, 2019 06:39
OpenSSL Create CA Certificate Authority and CA Signed Keys
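#!/usr/bin/env bash
# Stop at the first failing command so a broken CSR is never signed
set -euo pipefail
# The private keys are written unencrypted; make every file this script creates owner-only
umask 077

# Create a CA Key & Cert (self-signed, valid for 730 days)
openssl genrsa -out ca.key 4096
openssl req -x509 -new -key ca.key -out ca.crt -days 730 -subj "/CN=MyFirstCA"

# Create a server Key & CSR (subject and requested extensions come from openssl.cnf)
openssl genrsa -out server.key 4096
openssl req -new -out server.csr -key server.key -config openssl.cnf

# View CSR and verify its self-signature
openssl req -text -noout -verify -in server.csr

# Sign CSR with CA Cert
# x509 -req does not copy extensions from the CSR by default, so v3_ext is applied again via -extfile
openssl x509 -req -in server.csr -out server.crt -days 730 -CAkey ca.key -CA ca.crt -CAcreateserial -CAserial server.serial -extensions v3_ext -extfile openssl.cnf -sha256

# View Cert
openssl x509 -text -noout -in server.crt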
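
# openssl.cnf (used by the script above for the server CSR and as the -extfile when signing)
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ext
req_extensions = v3_ext
prompt = no
default_md = sha512
default_bits = 4096

[ req_distinguished_name ]
C = US
ST = CA
L = Orange County
O = My First Org
OU = DevOps
CN = server

[ v3_ext ]
# digitalSignature is required for ECDHE key exchange and TLS 1.3;
# keyEncipherment alone only covers the legacy RSA key exchange
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[ alt_names ]
# Clients match the hostname against these SAN entries
DNS.0 = localhost
DNS.1 = serverName2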