Creating the Private Key and Root Certificate for the CA

Once you have set up the files and directories for your CA, you can create a root certificate, which is used to sign certificate requests from MicroStrategy applications.

This procedure assumes that you have followed all the steps in Creating the Directories and Configuration Files for Your CA.

To Create the Private Key and Root Certificate for the CA

Depending on your platform, do one of the following:
- Linux: Open a terminal window.
- Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is C:\OpenSSL-Win32\bin.
To create the private key and root certificate, type the following command, and press Enter:
Copy
```
openssl req -config devCApath/openssl.dev.cnf -new -x509 -extensions v3_ca -keyout devCApath/private/devCA.key -out devCApath/certs/devCA.crt -days 1825
```
Where:
- devCApath: The root directory for your CA, which is created as part of the procedure described in Creating the Directories and Configuration Files for Your CA. For example, /etc/pki/tls/devCA.
- openssl.dev.cnf: The copy of the default OpenSSL configuration file, created in the root directory for your CA.
- devCA.key: The filename for the private key.
- devCA.crt: The filename for the root certificate.
You are prompted for a pass-phrase for the key, and for information about your CA, such as your location, organization name, and so on. Use a strong pass-phrase to secure your private key, and type the required information for the CA. The private key and root certificate are created.