Becoming a CA for group of internal servers?

[Hopkins, Nathan]

Please can you advise if this the correct process for becoming a CA for
internally for group of servers?

 

1)

openssl genrsa -des3 -out ca.key 2048

openssl req -new -x509 -key ca.key -out ca.crt

 

2)

openssl genrsa -des3 -out ukx01137.key 2048

openssl req -new -key server.key -out server.csr

 

3)

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key
-CAcreateserial server.crt -days 365

 

 

A few questions that help would be much appreciated for...

 

How do you omit a pass phrase in step 2) ?

The -days 365 doesn't seem to work - do I need to change openssl.cnf?

Where does the public key live ?