How to generate self-signed ECDSA CA certificate non-interactively using OpenSSL
This post uses -newkey
syntax from How to create ECDSA P-384 (secp384r1) using OpenSSL (-newkey)
The following command will generate a self-signed CA certificate using a ECDSA P-384 key withou any interactive questions. All parameters are given on the command line.
openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000 -subj '/CN=myca.mydomain.com/O=MyOrganization/C=DE'
Note that you don’t have to use a domain name as CN
(common name). There are few requirements for CAs in general but depending on for what - and with what software - you’ll use the CA, the requirements may vary.