# Generating keys

1. Generate CA key and certificate:

```bash
openssl genrsa -aes256 -out CA/CA.key 4096
openssl req -x509 -new -nodes -key CA/CA.key -sha256 -days 1825 -out CA/CA.pem
```

2. Generate server key and CSR:

```bash
openssl genrsa -out server/server.key 4096
openssl req -new -key server/server.key -out server/server.csr
```

3. Sign the server CSR with CA:

```bash
openssl x509 -req -in server/server.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out server/server.crt -days 1825 -sha256
```

4. Generate client key and CSR:

```bash
openssl genrsa -out client/client.key 4096
openssl req -new -key client/client.key -out client/client.csr
```

5. Sign the client CSR with ca CA:

```bash
openssl x509 -req -in client/client.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out client/client.crt -days 1825 -sha256
```