Generate a Self-Signed Root CA

Generate a self-signed root certificate authority (CA).


openssl genrsa -out myca.key 2048
# password protect key: openssl genrsa -out myca.key -des3 2048
openssl req -x509 -new -key myca.key -sha384 -days 1825 -out myca.crt \
  -subj "/C=US/ST=CA/L=Santa Clara/O=MyOrg/OU=SecurityOU/CN=rootca.myorg.com/emailAddress=rootca@myorg.com"

This root CA must be installed as a trusted root CA on the users' (client) machines.

Note

Generating a self-signed certificate on macOS does not produce a certificate that can be used for forward and reverse proxy scenarios. The certificate must have the Is CA option set to True, and a certificate generated on macOS does not. It is recommended that the self-signed certificate be generated from within the Multicloud Defense UI (Certificates > Create > Generate) or on Linux.
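The Is CA requirement in the note above can be checked before a certificate is imported. The script below is an added example, not part of the original page or the product: it tests for the X.509 basicConstraints CA:TRUE flag, which is what Is CA refers to. The helper names is_ca_cert and make_cert and the subject rootca.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm a PEM certificate asserts basicConstraints CA:TRUE
# ("Is CA = True") before importing it as a root CA.

# is_ca_cert FILE -> exit 0 if the certificate asserts CA:TRUE, 1 otherwise
# (an unreadable or missing file also yields 1).
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# make_cert PREFIX TRUE|FALSE -> constructed self-signed test certificate.
# An explicit config pins basicConstraints, so the result does not depend on
# the platform's default openssl.cnf (the difference the note describes).
make_cert() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = rootca.example.test
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1.key" -sha384 -days 1 \
        -config "$1.cnf" -out "$1.crt" 2>/dev/null
}

# Usage: sh check_ca.sh myca.crt
if [ -n "${1:-}" ]; then
    if is_ca_cert "$1"; then
        echo "$1: CA:TRUE, usable as a root CA"
    else
        echo "$1: not a CA certificate, regenerate it" >&2
        exit 1
    fi
fi
```

Run it against myca.crt from the commands above; a non-zero exit status means the certificate lacks the CA flag and should be regenerated.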