[root@kvm5 ~]# yum install -y openssl
[root@kvm5 ~]# CADIR=/etc/pki/CA [root@kvm5 ~]# rm -f /etc/pki/tls/certs/kvm5.* [root@kvm5 ~]# rm -rf $CADIR/*
[root@kvm5 ~]# mkdir -p /etc/pki/CA/private 2>/dev/null [root@kvm5 ~]# mkdir -p $CADIR/{certs,newcerts} [root@kvm5 ~]# touch $CADIR/index.txt [root@kvm5 ~]# /bin/cp /etc/pki/tls/openssl.cnf $CADIR/ [root@kvm5 ~]# echo 01 > $CADIR/serial
[root@kvm5 ~]# cd $CADIR [root@kvm5 ~]# openssl req -days 999 -new -x509 -nodes \ -out cacert.pem \ -keyout private/cakey.pem \ -subj '/C=TW/ST=Taiwan/L=CYUT/O=CSIE/OU=DEYU/CN=kvm5.deyu.wang'
[root@kvm5 ~]# cd /etc/pki/CA/certs [root@kvm5 ~]# openssl req -days 999 -new -nodes \ -out kvm5.csr -keyout kvm5.key \ -subj '/C=TW/ST=Taiwan/L=CYUT/O=CSIE/OU=DEYU/CN=kvm5.deyu.wang' [root@kvm5 ~]# openssl ca -batch -config ../openssl.cnf -days 999 \ -in kvm5.csr -out kvm5.crt -keyfile $CADIR/private/cakey.pem \ -cert $CADIR/cacert.pem -policy policy_anything
[root@kvm5 ~]# cp $CADIR/cacert.pem /etc/pki/tls/certs/kvm5.pem [root@kvm5 ~]# cp kvm5.crt /etc/pki/tls/certs/kvm5.crt [root@kvm5 ~]# cp kvm5.key /etc/pki/tls/private/kvm5.key