# GENERATING CERTIFICATE AUTHORITY

# Generating key
openssl genrsa -aes256 -out private/ca.key.pem 2048

chmod 400 private/ca.key.pem

# Generate self-signed certificate for CA (1 year) - Locality and Email can be empty, others must be filled
openssl req -config openssl.cnf \
    -key private/ca.key.pem \
    -new -x509 -utf8 -days 365 -sha256 \
    -extensions v3_ca -out certs/ca.cert.pem

chmod 444 certs/ca.cert.pem

# Verify the root certificate
openssl x509 -noout -text -in certs/ca.cert.pem




# GENERATING CERTIFICATE FOR CONTROLLER

openssl genrsa -out private/Location.key.pem 2048

openssl req -config openssl.cnf -new -sha256 -utf8 \
    -key private/Location.key.pem \
    -out csr/Location.csr.pem

openssl ca -config openssl.cnf \
      -extensions usr_cert -days 90 -notext -utf8 -md sha256 \
      -in csr/Location.csr.pem \
      -out certs/Location.cert.pem


