openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 3652 -sha256 -extensions v3_ca -key ca.key -out ca.crt Common Name: "<yourname> CA"
openssl genrsa -aes256 -out server.key 4096
openssl req -new -sha256 -key server.key -out server.csr Common name: <your server's FQDN>
openssl x509 -req -CA ca.crt -CAkey ca.key -days 1825 -extensions usr_cert -sha256 -set_serial 01 -in server.csr -out server.crt
openssl version -d
openssl s_client -showcerts -connect my.webserver.com:443 Check for: Verify return code: 0 (ok)
openssl x509 -in server.crt -noout -text