Simple root CA Server
Install CA.pl
Create CA
/etc/pki/tls/misc/CA.pl -newca
Create CSR and sign
Create certificate sign request
/etc/pki/tls/misc/CA.pl -newreq
Create sign request
/etc/pki/tls/misc/CA.pl -signreq
Create a PKCS#12 file containing signed certificate and private key
/etc/pki/tls/misc/CA.pl -pkcs12 "My Test Certificate"
Extract key and certificate
openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem
Install CA root certificate on client
openssl x509 -in cacert.pem -out cacert.crt
cp cacert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
Verify
openssl verify -purpose sslserver -CAfile /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt client.crt