Use OpenSSL to sign an x.509 certificate with another (example Root CA scenario)

signCertificateWithRootCACertificate.sh

# generate custom root CA certificate
openssl req -x509 -newkey rsa:4096 -keyout customRootCA.key -out customRootCA.cer -days 365

# generate leaf certificate
openssl req -x509 -newkey rsa:4096 -keyout leafCert.key -out leafCert.cer -days 365 -subj “/C=/ST=/L=/O=/CN=”

# generate certificate request for the leaf certificate
openssl x509 -x509toreq -days 365 -in leafCert.cer -signkey leafCert.key -out leafCert.req

# sign the leaf certificate request with custom root CA certificate
openssl x509 -req -days 365 -in leafCert.req -signkey customRootCA.key -out leafCert.cer