# Create a CSR and lets have the new CA sign it
openssl genrsa -out auxbrain.key 2048
openssl req -new -key auxbrain.key -out auxbrain.csr -nodes
-openssl x509 -req -in auxbrain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out auxbrain.crt -days 825 -sha256 -extfile auxbrain.ext
-# You now have myCA.pem - the public certificate of your root CA, auxbrain.key - the private key for your webserver, auxbrain.pem - the public cert for your webserver.
+openssl x509 -req -in auxbrain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out auxbrain.pem -days 825 -sha256 -extfile auxbrain.ext
+# You now have:
+# myCA.pem - the public certificate of your root CA
+# auxbrain.key - the private key for your webserver
+# auxbrain.pem - the public cert for your webserver.
```
Use the generated `auxbrain.pem` and `auxbrain.key` files for your webserver SSL/TLS configuration. For nginx, append following values to your server directive: