Using OpenSSL as a Certificate Authority (CA) to generate signed certificates

Last Updated: Aug 27, 2015

The following steps use a key size, a cipher, and a single-level CA (instead of a multi-level CA infrastructure) that may be considered insufficient for your IT security requirements. It is recommended that you review the OpenSSL commands and make the necessary changes to meet or exceed your certificate security requirements. These commands are provided as is; use them at your own risk, with no guarantee that they will protect your network from a possible intrusion.

The OpenSSL package is available on all Linux distributions and on Windows (for example, through Cygwin), and it can be downloaded from the OpenSSL Web site.

On a Linux server, use the man command (for example, man genrsa) to find additional information on openssl commands such as genrsa, req, x509, ca, and pkcs12.

The following steps are based on the Linux® Operating System and explain how to create a single-level CA.