If you are setting up a local development environment or a private internal network, you likely need to generate this file yourself using OpenSSL.
Step 1: Generate the CA Private Key
openssl genrsa -out client-ca.key 4096
Step 2: Generate the CA Certificate (The clientca.pem)
This creates the .pem file that clients or servers will use. clientca.pem download
openssl req -new -x509 -days 365 -key client-ca.key -out clientca.pem \
-subj "/CN=My-Client-CA"
Step 3: Generate Client Certificates (Signed by this CA)
Now, when you generate client certificates, you will sign them using the key created in Step 1. The server will then use clientca.pem to trust those client certificates.
Once you have the correct clientca.pem, here is how to use it with common tools: If you are setting up a local development
For security, restrict read access:
# Linux/macOS
chmod 644 clientca.pem
clientca.pem Download Report
| Date | Time | User/System | Source | Destination | Verification Status |
|----------|----------|-----------------|------------|----------------|------------------------|
| 2023-04-01 | 10:00:00 | JohnDoe | Secure Repo | / secure location | Verified |