To make certificate authority:

    mkdir demoCA
    cd demoCA
    mkdir certs crl newcerts private
    echo "01" > serial
    touch index.txt
    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650

-----
To make a new certificate:

    cd demoCA
    (same directory created above)
    openssl req -nodes -new -x509 -keyout newkey.pem -out newreq.pem -days 1826
    (certificate and private key in file newkey.pem)

To sign new certificate with certificate authority:

    cd demoCA
    (same directory created above)
    openssl x509 -x509toreq -days 1826 -in newreq.pem -signkey newkey.pem -out ../tmp.pem
    cd ..
    openssl ca -policy policy_anything -days 1826 -out newcert.pem -infiles tmp.pem
    rm tmp.pem
    (newkey.pem contains signed certificate, newreq.pem still contains
    unsigned certificate and private key)

-----
To print certificate information from a .pem encoded file:

    openssl x509 -in newcert.pem -noout -text
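Added example (not part of the original notes): the CA setup, signing and inspection steps above, run non-interactively in a scratch directory and finished with a chain check via openssl verify. Assumptions for the demo: the ca.cnf contents, the subject names, unencrypted keys (-nodes), -batch, and a request made directly with "openssl req -new" instead of the -x509toreq conversion.

```shell
#!/bin/sh
# Constructed demo of the demoCA workflow; every name and value below is an
# assumption for illustration. A real CA key should keep its passphrase.
issue_and_verify() (
    umask 077                       # key files readable by the owner only
    cd "$1" || exit 1
    mkdir -p demoCA/certs demoCA/crl demoCA/newcerts demoCA/private || exit 1
    echo "01" > demoCA/serial
    : > demoCA/index.txt
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir             = ./demoCA
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts
serial          = $dir/serial
certificate     = $dir/cacert.pem
private_key     = $dir/private/cakey.pem
default_md      = sha256
x509_extensions = usr_cert
[ usr_cert ]
basicConstraints = CA:FALSE
[ policy_anything ]
commonName = supplied
EOF
    # CA key and self-signed CA certificate, marked CA:TRUE
    openssl req -config ca.cnf -new -x509 -nodes -subj "/CN=Demo Root CA" \
        -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem -days 3650 || exit 1
    # Subject key and certificate request
    openssl req -config ca.cnf -new -nodes -subj "/CN=host.example.test" \
        -keyout newkey.pem -out tmp.pem || exit 1
    # CA signs the request; the issued certificate is marked CA:FALSE
    openssl ca -config ca.cnf -batch -policy policy_anything -days 1826 \
        -notext -out newcert.pem -infiles tmp.pem || exit 1
    rm -f tmp.pem
    # The issued certificate must chain to the CA; then show who issued it
    openssl verify -CAfile demoCA/cacert.pem newcert.pem || exit 1
    openssl x509 -in newcert.pem -noout -issuer -subject
)

issue_and_verify "$(mktemp -d)"
```

The first line of output should read "newcert.pem: OK"; a failure there means the certificate was not signed by the CA in demoCA/cacert.pem.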