Create a private key with the following command.

openssl genrsa -aes256 -out privkey.pem 2048

It will prompt for a pass phrase to protect the key 

Generating RSA private key, 2048 bit long modulus
.....+++
......................................+++
e is 65537 (0x10001)
Enter pass phrase for privkey.pem:
Verifying - Enter pass phrase for privkey.pem:

Create a Self-Signed Certificate

Create a self-signed certificate with the following command

openssl req -new -x509 -key privkey.pem -out testcacert.pem -days 1095

Enter the pass phrase that was entered when creating the private key and fill out the questionnaire

Enter pass phrase for privkey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Connecticut
Locality Name (eg, city) []:Fairfield
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IPC
Organizational Unit Name (eg, section) []:eTAC
Common Name (e.g. server FQDN or YOUR name) []:this.server.com
Email Address []:

Add an Alternate Subject Name

If an alternate subject name is needed it needs to be added to a file and referenced with the -extfile argument and reference the section of the file where the extensions are.

in the example a file named  “deviceExtnFile” with the section “[ svc_cert_ext ] ” and the subject alternative name(SAN) added as “subjectAltName=IP:IP-Address,DNS.1:FQDN-VIP”

[ svc_cert_ext ]
 subjectAltName=IP:IP-Address,DNS.1:FQDN-VIP

As of Unigy V4.2 patch 2, the only X509v3 extension Unigy will accept is the “subject alternative name” extension

Sign CSR to Create a Signed Certificate

The following will create a signed certificate based on the CSR file CSRfile.csr using the testcacert.pem as the CA certificate and it’s private key privkey.pem. extfile deviceExtnFile is optional if you want an alternate subject name as entered in the deviceExtnFile file.

openssl x509 -req -days 500 -CA testcacert.pem -CAkey privkey.pem -set_serial 03142012 -in CSRfile.csr -extfile deviceExtnFile -extensions svc_cert_ext -out DeviceServerCert70.pem

Enter the pass phrase entered for the private key

Signature ok
subject=/C=US/ST=NY/L=NY/O=abcd orginization/OU=IT/CN=server.sample.COM
Getting CA Private KeyEnter pass phrase for privkey.pem: