====== Certificates - Create a CA (Certificate Authority) ======

<code bash>
openssl genrsa -out myCA.key 2048
</code>

This will create an rsa key file named myCA.key that we use to sign the public pem file generated next.

Create a pem file signed with the key:

<code bash>
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 365 -out myCA.pem
</code>

This will prompt you to answer some questions to generate the pem file:

  * Country Name (2 letter code) [AU]:**JE**
  * State or Province Name (full name) [Some-State]:**Jersey**
  * Locality Name (eg, city) []:**St. Helier**
  * Organization Name (eg, company) [Internet Widgits Pty Ltd]:**ShareWiz**
  * Organizational Unit Name (eg, section) []:**IT**
  * Common Name (e.g. server FQDN or YOUR name) []:***.sharewiz.net**
  * Email Address []:


At this point you should have 2 files:

<code bash>
myCA.pem
myCA.key
</code>

The myCA.pem file is the public key.

<WRAP alert>
**ALERT:**  The myCA.key is the private key; which you do **NOT** want to share.

Protect the private key!
</WRAP>