how to have self signed ssl certificate to use on Apache and IIS

Question

we want to create a ssl self signed certificate, that we have it both on Apache and IIS , and also use linux and windows ce devices to connect to them , i followed many toturials but i cannt find the problem ,

i started with

openssl genrsa -out rootCA.key 2048
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

but so many things are unclear to me, which file should i use for my apache server ? should i use rootCA.pem in my apache "SSLCertificatefile"? or i should pass them to my devices ?

should i generate a ".crt" for my server based on "rootCA.key" or should i have a new key ? and keep just "rootCA.key" for signing requests ?

and how to convert my linux ".pem" file to windows accepted format ?( conversion process with openssl is easy, but its not accepted by my windows ce client)

and with my devices i can get a connection with openssl lib on a linux device which is ok, but on windows ce device , nothing works

please some one explains to me how i should create it , thanks in advance its very confusing , so many toturials and so many small differences ,

Answer 1

You could use this oneliner:

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout example.key \
  -out example.crt -subj "/CN=example.com" -days 365

The option -subj "/CN=example.com" sets the certificate subject and prevents being prompted. in this case just sets the "common name" CN to example.com