This article was written for version 1.0.1f of openssl, it could work on both lower and higher version if nothing else is stated.
Articles in the Community-Space are not supported by op5 Support.
This is a short instruction on how you can create your own CA certificate & then generate a client certificate based on this CA.
Generate CA key & certificate - fill out the information when asked for such as country & organization name.
openssl genrsa -out MyRootCA.key 2048
Generate client key & certificate signing request - fill out info
IMPORTANT: CN / Common Name should be the clients IP or FQDN
openssl genrsa -out MyClient1.key 2048
Generate client certificate based on our own CA certificate
openssl x509 -req -in MyClient1.csr -CA MyRootCA.pem -CAkey MyRootCA.key -CAcreateserial -out MyClient1.pem -days 1024 -sha256