mkdir -p ca client server
Generate CA file "ca.pem" and CA key "privkey.pem". You also need a serial number file "file.srl" containing just a two digit number and a newline.
openssl req -out ca/ca.pem -new -x509
echo "00" > ca/file.srl
No password required.
openssl genrsa -out server/server.key 1024
openssl req -key server/server.key -new -out server/server.req
openssl x509 -req -in server/server.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/file.srl -out server/server.pem
Encrypted:
openssl genrsa -des3 -out client/client.key 1024
Non-encrypted:
openssl genrsa -out client/client.key 1024
Then do:
openssl req -key client/client.key -new -out client/client.req
openssl x509 -req -in client/client.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/file.srl -out client/client.pem