To create a self-signed CA certificate and private key for the CA, perform this command in the command shell. Be sure you in the C:\ca directory.
openssl req -x509 -newkey rsa -out ca.pem -outform PEM
You will be prompted for a PEM pass phrase twice.
The command create two files:
•ca.pem which is the certificate for the CA
•private\cakey.pem which is the private key for the CA
To view the newly create certificate, perform this command:
openssl x509 -in ca.pem -text -noout | more
Piping the output from the OpenSSL command to more produces an output that is more readable than the raw output from the OpenSSL command.