First, we create a private key for the certificate authority and then a root certificate, which will be used to sign the other certificates.
$ openssl genrsa -des3 -out your-certificate-authority.key 4096
$ openssl req -x509 -new -nodes -key your-certificate-authority.key -sha256 -days 1095 \