Now that we have a private certificate authority, we can create the certificate for the Mosquitto server, that is, a certificate for the computer that will run the MQTT server.

First, we must generate a new private key that will be different from the private key we generated for our own private certificate authority.

Go to the Terminal in macOS or Linux, or the Command Prompt in Windows. Run the following command to create a 2,048-bit key and save it in the server.key file:

openssl genrsa -out server.key 2048

The following lines show a sample output generated by the previous command:

Generating RSA private key, 2048 bit long modulus
....................................................................................................................................................................+++ ...