openssl genrsa -aes256 -out ca.key 2048
cat << | tee ca.conf
EOF
[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = ca.key
distinguished_name = req_distinguished_name
extensions = v3_ca
req_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical, CA:TRUE, pathlen:0
subjectKeyIdentifier = hash
##authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = keyCertSign, cRLSign
nsCertType = sslCA, emailCA, objCA
[req_distinguished_name ]
# 국가 정보 수정
countryName = Country Name (2 letter code)
countryName_default = KR
countryName_min = 2
countryName_max = 2
# 조직 정보
organizationName = Organization Name (eg, company)
organizationName_default = HaeDong Inc.
# 인증서 이름
commonName = Common Name (eg, your name or your server's hostname)
commonName_default = HaeDong's Signed CA
commonName_max = 64
EOF
openssl req -new -key ca.key -out ca.csr -config ca.conf
openssl x509 -req -days 36500 -extensions v3_ca -set_serial 1 -in ca.csr -signkey ca.key -out ca.crt -extfile ca.conf
openssl x509 -noout -text -in ca.crt