Please can you advise if this the correct process for becoming a CA for internally for group of servers?
1) openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -key ca.key -out ca.crt 2) openssl genrsa -des3 -out ukx01137.key 2048 openssl req -new -key server.key -out server.csr 3) openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial server.crt -days 365 A few questions that help would be much appreciated for... How do you omit a pass phrase in step 2) ? The -days 365 doesn't seem to work - do I need to change openssl.cnf? Where does the public key live ?