[root@edokumenty ~]# cd /usr/lib/openssl/
[root@edokumenty openssl]# ./CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
...................++++++
.....++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:eDokumentyCA
Email Address []:admins@betasoft.pl
[root@edokumenty openssl]# mkdir requests
[root@edokumenty openssl]# cd requests/
[root@edokumenty requests]# openssl genrsa -out x.key 1024
[root@edokumenty requests]# openssl genrsa -out x.key 1024
Generating RSA private key, 1024 bit long modulus
..................................++++++
............++++++
e is 65537 (0x10001)
[root@edokumenty requests]# ls -l
razem 4
-rw-r--r-- 1 root root 887 2009-10-15 11:20 x.key
[root@edokumenty requests]# openssl req -new -key x.key -days 3449 -out request.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:edokumenty
Email Address []:admins@betasoft.pl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@edokumenty requests]# openssl req -noout -text -in request.pem
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=PL, ST=Slaskie, L=Zabrze, O=BetaSoft, OU=Developers, CN=edokumenty/emailAddress=admins@betasoft.pl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ba:8a:0e:c0:c9:87:7a:e6:52:9e:6f:6a:6b:08:
                    ef:50:5c:86:1e:dc:e7:5f:dc:7d:75:85:88:68:95:
                    72:52:1a:28:8a:db:03:1f:e0:55:bd:7d:8b:f3:88:
                    66:be:cd:d4:8b:2b:e1:58:0f:aa:15:df:a5:20:55:
                    fd:b1:5a:30:1c:39:0e:99:b1:30:38:f0:69:c2:88:
                    ea:e3:a0:0a:21:18:66:ce:ed:44:25:67:ec:0d:fe:
                    2e:3b:29:51:d2:36:e3:29:1e:29:ba:3d:c7:cb:5e:
                    12:a4:98:d4:6d:5c:25:8c:c6:0a:05:c5:6e:1a:f5:
                    c0:60:43:d6:a8:3c:8b:9e:87
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
        9f:c0:c2:41:73:f6:d2:8c:25:5a:bc:2a:79:99:a5:f7:a5:0e:
        51:4a:da:b4:3b:ee:19:73:fb:23:ba:ab:71:2a:6b:75:ee:02:
        cc:1e:ff:25:a6:ac:ce:4f:09:83:4e:85:87:2d:ac:f0:23:94:
        3f:b2:c8:7e:af:46:ff:d5:98:0b:16:b6:71:48:7e:2d:74:8a:
        c5:d4:56:b0:9e:0c:6e:0f:a0:88:a5:8c:eb:4f:c5:eb:03:e4:
        f7:10:07:5f:aa:b9:3e:5c:93:b4:0d:89:2c:e9:1e:ec:f5:c2:
        ec:d3:44:f7:8a:94:d2:70:a4:14:94:b0:15:14:c7:a6:b6:e5:
        8c:dc
[root@edokumenty requests]# cd ..
[root@edokumenty openssl]# cp requests/request.pem newreq.pem
[root@edokumenty openssl]# ./CA.pl -sign
Using configuration from /var/lib/openssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            db:e1:8d:be:8c:fd:cb:88
        Validity
            Not Before: Oct 15 09:23:59 2009 GMT
            Not After : Oct 15 09:23:59 2011 GMT
        Subject:
            countryName = PL
            stateOrProvinceName = Slaskie
            localityName = Zabrze
            organizationName = BetaSoft
            organizationalUnitName = Developers
            commonName = edokumenty
            emailAddress = admins@betasoft.pl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                98:8D:8C:B1:AD:5A:6A:E6:4E:BA:98:98:FE:44:6C:EB:6F:78:82:B9
            X509v3 Authority Key Identifier:
                keyid:E4:59:7A:6F:14:DA:48:D1:B1:C0:EC:1E:F9:03:DB:A2:4C:D3:2A:16
                DirName:/C=PL/ST=Slaskie/L=Zabrze/O=BetaSoft/OU=Developers/CN=eDokumentyCA/emailAddress=admins@betasoft.pl
                serial:DB:E1:8D:BE:8C:FD:CB:87

Certificate is to be certified until Oct 15 09:23:59 2011 GMT (730 days)
Sign the certificate? [y/n]:n
CERTIFICATE WILL NOT BE CERTIFIED
Signed certificate is in newcert.pem
[root@edokumenty openssl]# vim /var/lib/openssl/openssl.cnf
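
An added example, not part of the original session: a POSIX shell check that reads the text dump printed by `openssl req -noout -text` (as shown above) and flags an RSA key below 2048 bits or a signature made with an MD2, MD4, MD5 or SHA-1 digest, both of which the request above would trigger. The function names, the 2048 bit threshold and the abbreviated sample dump are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the text form of a CSR or certificate before signing it.
# Typical use (paths are placeholders):
#   openssl req -noout -text -in request.pem | audit_csr_text

MIN_RSA_BITS=2048   # assumption of this example: smallest RSA modulus accepted

# Reads an "openssl ... -noout -text" dump on stdin, prints one finding per line.
# Returns 0 = nothing flagged, 1 = at least one finding, 2 = input not recognised.
audit_csr_text() {
    awk -v min="$MIN_RSA_BITS" '
        # Remember the key type so the size rule is applied to RSA keys only.
        /Public Key Algorithm:/ { keyalg = $NF }
        # Old releases print "RSA Public Key: (1024 bit)", newer "Public-Key: (...)".
        /Public[- ]Key: \([0-9]+ bit\)/ {
            seen = 1
            bits = $0; sub(/^.*\(/, "", bits); sub(/ bit.*$/, "", bits)
            if (keyalg == "rsaEncryption" && bits + 0 < min) {
                print "WEAK-KEY " bits " bit RSA (minimum " min ")"; bad = 1
            }
        }
        # The digest is part of the algorithm name, e.g. md5WithRSAEncryption.
        /Signature Algorithm:/ {
            seen = 1
            if (tolower($NF) ~ /(md2|md4|md5|sha1)/) {
                print "WEAK-DIGEST " $NF; bad = 1
            }
        }
        END { if (!seen) exit 2; exit bad + 0 }
    '
}

# Constructed sample: the request dump from the session above with the
# modulus and signature bytes left out.
sample_csr_text() {
    cat <<'EOF'
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=PL, ST=Slaskie, L=Zabrze, O=BetaSoft, OU=Developers, CN=edokumenty
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
EOF
}

# Demonstration run; "|| true" because findings make the function return 1.
sample_csr_text | audit_csr_text || true
```

The nonzero return value lets a signing wrapper refuse to go on to `./CA.pl -sign` when the request is flagged.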