Skip to Content Information Center

Markvision Enterprise

Markvision Enterprise

Not your product?

Search the Information Center

Creating a root CA certificate

Note: You can create a self‑signed root CA certificate or generate a certificate request, and then get it signed by the root CA.

Run the following commands:

Note: Replace the key length, signature algorithm, and certificate name with the appropriate values.

openssl genrsa -out /etc/certs/openxpki_ca-one/ca-root-1.key -passout file:/etc/certs/openxpki_ca-one/pd.pass 4096

openssl req -new -key /etc/certs/openxpki_ca-one/ca-root-1.key -subj /DC=COM/DC=LEXMARK/DC=DEV/DC=CA-ONE/CN=MYOPENXPKI_ROOTCA -out /etc/certs/openxpki_ca-one/ca-root-1.csr

openssl req -config /etc/certs/openxpki_ca-one/openssl.conf -extensions v3_ca_extensions -x509 -days 3560 -in /etc/certs/openxpki_ca-one/ca-root-1.csr -key /etc/certs/openxpki_ca-one/ca-root-1.key -out /etc/certs/openxpki_ca-one/ca-root-1.crt -sha256

Was this article helpful?

Related content

Top