I use following commands to create certificates and private keys:
./CA.pl -newca
./CA.pl -newreq-nodes
./CA.pl -signreq
And I set newcert.pem and newkey.pem as local certificate and private key to the server. demoCA/cacert.pem is public certificate for client applications. I'd like to know if this solution is good and safe. Or where I made a mistake if it's not ok
As long as self-signed certificates are fine for your application and you can install this CA into the clients, then it should be fine. CA.pl assumes some defaults, but doesn't compromise anything security-wise. So, unless your application requires specific identifiers on the certificates themselves or a specific type of encryption to be used, you'll be just fine to use CA.pl.
