Nino’s Reminders

April 7, 2006

Working with OpenSSL and certificates

Filed under: FreeBSD — nino @ 14:06

Once you have the configuration file, openssl.cnf, set up properly (in a future article), you can start working with certificates:

openssl req -new -keyout a-key.pem -out a-req.pem -days 365 -config ./openssl.cnf

This will create a certificate signing request along with the private key. Alternatively, you can create a private key with openssl genrsa -out [filename] 1024 and use it as input to openssl req -key [filename] to create a request that corresponds to the previously created private key.

openssl ca -config ./openssl.cnf -out a-cert.pem -in a-req.pem

This will sign the specified certificate signing request and write the resulting certificate to the specified output file. The created certificate can be reviewed by issuing the following command:

openssl x509 -text -noout -in a-cert.pem

openssl pkcs12 -export -out a-cert.p12 -in a-cert.pem -inkey a-key.pem

This will export the certificate together with its private key into a single PKCS#12-formatted file that is ready to be imported into the browser.
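The whole sequence above, run end to end against a throwaway CA, as an added example that is not part of the original post. The minimal openssl.cnf, the CA files, the subjects, the export password and the key_matches_cert helper are assumptions made for the demo; it uses 2048-bit keys and -nodes so that nothing prompts.

```shell
# Added example: throwaway CA in a scratch directory. File names follow the
# post; the CA files, subjects and the password are constructed for the demo.

# Build CA, key + request, signed certificate and PKCS#12 bundle in dir $1.
make_demo_pki() (
  cd "$1" && mkdir -p newcerts && : > index.txt && echo 01 > serial &&
  cat > openssl.cnf <<'EOF' &&
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca-cert.pem
private_key = ca-key.pem
default_md = sha256
default_days = 365
policy = policy_demo
[ policy_demo ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed CA (-nodes leaves keys unencrypted so the demo never prompts).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca-key.pem \
    -out ca-cert.pem -days 30 -subj "/CN=Demo CA" -config ./openssl.cnf &&
  # Step 1 of the post: private key plus certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -keyout a-key.pem \
    -out a-req.pem -subj "/CN=demo.example" -config ./openssl.cnf &&
  # Step 2: the CA signs the request; validity comes from default_days.
  openssl ca -batch -notext -config ./openssl.cnf -out a-cert.pem -in a-req.pem &&
  # Step 3: bundle certificate and key for import into a browser.
  openssl pkcs12 -export -out a-cert.p12 -in a-cert.pem -inkey a-key.pem \
    -passout pass:constructed-demo-password
)

# Succeeds only if private key $1 belongs to certificate $2.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

d=$(mktemp -d) && make_demo_pki "$d" 2>/dev/null &&
  key_matches_cert "$d/a-key.pem" "$d/a-cert.pem" &&
  openssl verify -CAfile "$d/ca-cert.pem" "$d/a-cert.pem"
```

Comparing the two public keys before the PKCS#12 export catches the common mistake of pairing a certificate with the wrong key file.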
