sudo apt-get update sudo apt-get install openssl 

openssl genpkey -algorithm RSA -out private.key -aes256 

openssl req -new -key private.key -out certificate.csr 

openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt 

openssl verify -CAfile ca_bundle.crt certificate.crt 

openssl ca -config openssl.cnf -gencrl -out crl.pem 

openssl ca -config openssl.cnf -revoke certificate.crt -out crl.pem 

[ ca ] default_ca = CA_default  [ CA_default ] dir               = /etc/ssl/CA certs             = $dir/certs crl_dir           = $dir/crl new_certs_dir     = $dir/newcerts database          = $dir/index.txt serial            = $dir/serial RANDFILE          = $dir/private/.rand  [ req ] default_bits        = 2048 default_md          = sha256 distinguished_name  = req_distinguished_name string_mask         = utf8only  [ req_distinguished_name ] countryName                     = Country Name (2 letter code) stateOrProvinceName             = State or Province Name localityName                    = Locality Name organizationName                = Organization Name commonName                      = Common Name  [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:true keyUsage = critical, digitalSignature, cRLSign, keyCertSign