sudo su - # Become root. cd /root/ca export CN=$(hostname --fqdn) export SAN=DNS:$CN openssl genrsa -aes256 -out private/ca.key.pem 8192 openssl req -key private/ca.key.pem -new -x509 -days 1827 -extensions v3_ca -out certs/ca.cert.pem openssl x509 -noout -text -in certs/ca.cert.pem |more # Confirm everything looks good.