Create your own certificate authority
You can create your own certificate authority using the Certificate Assistant in Keychain Access. By becoming a certificate authority, you can issue certificates and validate users.
Choose Keychain Access > Certificate Assistant > Create a Certificate Authority.
Enter a name for the certificate authority.
Choose an Identity type, then choose the type of certificate to be issued by the certificate authority.
To change the way the key pairs are generated and to manually specify the values in the certificate, select “Let me override defaults.”
Note: You can create RSA keys up to 4096 bits. RSA keys smaller than 2048 bits are no longer supported.
Type your email address in the “Email from” field, then click Continue.
Review the certificate authority.
To allow a user to request a certificate from you, click Mail Invitation, then add the user’s email address and an explanation in the email.