openssl genrsa -aes256 -out rootCA.key 4096 openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 3650 -out rootCA.crt

Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]:Ille-et-Vilaine Locality Name (eg, city) []:Rennes Organization Name (eg, company) [Internet Widgits Pty Ltd]:GRIFON Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:ca.grif Email Address []:contact@grifon.fr

C = FR, ST = Ille-et-Vilaine, L = Rennes, O = GRIFON, CN = ca.grif, emailAddress = contact@grifon.fr

openssl genrsa -out mydomain.com.key 4096 openssl req -new -key mydomain.com.key -out mydomain.com.csr

ou en one line : openssl req -new -sha256 -key mydomain.com.key -subj “/C=FR/ST=Ille-et-Vilaine/L=Rennes/O=GRIFON/CN=mydomain.com/emailAddress=contact@grifon.fr” -out mydomain.com.csr

verify csr : openssl req -in mydomain.com.csr -noout -text

generate cert : openssl x509 -req -in mydomain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mydomain.com.crt -days 500 -sha256

verify cert : openssl x509 -in mydomain.com.crt -text -noout

source : https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309