export SSLDIR=$HOME/CERT-AUTH
mkdir $SSLDIR  
mkdir $SSLDIR/certs  
mkdir $SSLDIR/crl  
mkdir $SSLDIR/newcerts 
mkdir $SSLDIR/private  
mkdir $SSLDIR/requests  
touch $SSLDIR/index.txt  
echo "01" > $SSLDIR/serial  
chmod 700 $SSLDIR 

# =================================================
# OpenSSL configuration file
# =================================================
RANDFILE         = $ENV::SSLDIR/.rnd
[ ca ]
default_ca       = CA_default
[CA_default ]
dir              = $ENV::SSLDIR
certs            = $dir/certs
new_certs_dir    = $dir/newcerts
crl_dir          = $dir/crl
database         = $dir/index.txt
private_key      = $dir/private/ca.key.pem
certificate      = $dir/certs/ca.cert.pem
serial           = $dir/serial
crl              = $dir/crl.pem
RANDFILE         = $dir/private/.rand
default_days     = 365
default_crl_days = 30
default_md       = sha1
preserve         = no
policy           = policy_anything
name_opt         = ca_default
cert_opt         = ca_default
[ usr_cert ]
basicConstraints        = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_ca ] 
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints        = critical, CA:true
nsCertType              = sslCA
keyUsage                = cRLSign, keyCertSign 
extendedKeyUsage        = serverAuth, clientAuth 
nsComment               = "OpenSSL CA Certificate" 

openssl genrsa -aes256 -out $SSLDIR/private/ca.key.pem 4096
chmod 400 $SSLDIR/private/ca.key.pem

openssl req -new -x509 -days 3650 -key $SSLDIR/private/ca.key.pem -extensions v3_ca -out $SSLDIR/certs/ca.cert.pem 
Enter pass phrase for /root/CERT-AUTH/private/ca.key.pem:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:NRW
Locality Name (eg, city) []:Meckenheim
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hagen-Bauer-CA
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Hagen-Bauer
Email Address []:hagen.bauer@caserio.de

cd $SSLDIR
openssl genrsa -out private/seeblick.hagen-bauer.de.key.pem 4096

openssl req -new -key private/www.hagen-bauer.de.key.pem -out certs/www.hagen-bauer.de.csr.pem
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:NRW
Locality Name (eg, city) []:Meckenheim
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hagen-Bauer-CA
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.hagen-bauer.de
Email Address []:hagen.bauer@caserio.de

openssl ca -config openssl.conf -extensions usr_cert -notext -md sha1 -in certs/seeblick.hagen-bauer.de.csr.pem -out certs/seeblick.hagen-bauer.de.cert.pem
Using configuration from openssl.conf
Enter pass phrase for /root/CERT-AUTH/private/ca.key.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Jun 22 08:59:49 2014 GMT
        Not After : Jun 22 08:59:49 2015 GMT
    Subject:
        countryName               = DE
        stateOrProvinceName       = NRW
        localityName              = Meckenheim
        organizationName          = Hagen-Bauer-CA
        commonName                = www.hagen-bauer.de
        emailAddress              = hagen.bauer@caserio.de
    X509v3 extensions:
        X509v3 Basic Constraints: 
            CA:FALSE
        X509v3 Key Usage: 
            Digital Signature, Non Repudiation, Key Encipherment
        Netscape Comment: 
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier: 
            70:88:86:07:4.....
        X509v3 Authority Key Identifier: 
            keyid:70:80:....

Certificate is to be certified until Jun 22 08:59:49 2015 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

mkdir transferpakete   
mkdir transferpakete/www.hagen-bauer.de
cd transferpakete/www.hagen-bauer.de/
ln -s /root/CERT-AUTH/private/www.hagen-bauer.de.key.pem .
ln -s /root/CERT-AUTH/certs/ca.cert.pem .
ln -s /root/CERT-AUTH/certs/www.hagen-bauer.de.cert.pem .
cd ..
tar czvfh admin.hagen-bauer.de.tar.gz www.hagen-bauer.de

cd /etc/ssl
tar xzvf /home/hbauer/www.hagen-bauer.de.tar.gz

vi /etc/apache2/sites-enabled/hagen-bauer-admin 

SSLEngine on
SSLCertificateFile /etc/ssl/www.hagen-bauer.de/www.hagen-bauer.de.cert.pem
SSLCertificateKeyFile /etc/ssl/www.hagen-bauer.de/www.hagen-bauer.de.key.pem
SSLCACertificateFile /etc/ssl/www.hagen-bauer.de/ca.cert.pem