This article will show openssl parameters to generate CA certificate keypairs.
This command will generate private certificate “ca.key” under private folder, and public certificate “ca.crt” under certs folder.
In RedHat CentOS server, you can execute below command under /etc/pki/CA folder.

root@server.example.com [CA]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
..........................+++
......................................................................................................................................................+++
writing new private key to 'private/ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:Certificate Authority
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:webmaster@example.com
Posted in Uncategorized.