Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096
#!/bin/sh | |
echo 'generating dh param' | |
openssl dhparam -out dhparam 4096 | |
echo 'generating ssl certificate and key' | |
openssl req -x509 -nodes \ | |
-newkey rsa:4096 -keyout key \ | |
-out cert -sha256 \ | |
-days 1461 \ # 4 years |