Yes, if you are going to self-sign, you will first need to create a private key for your CA.
Try this:
Create CA Certificate and Private Key
1. Create an RSA private key as follows
openssl genrsa -des3 -out private/ca.key 1024
2. Create an X.509 certificate and sign using a private key as follows:
openssl req -new -x509 -key private/ca.key -out public/ca.crt -days 3600
Create User Certificate
1. Create a client private key and generate a request as follows:
openssl req -new -newkey rsa:1024 -nodes -out client/client.req -keyout client/client.key
2. Create an X.509 certificate and sign it using CA as follows:
openssl x509 -CA public/ca.crt -CAkey private/ca.key -CAserial public/ca.srl -req -in client/client.req -out client/client.pem -days 100
3. Convert the .pem file to the pkcs12 format as follows:
openssl pkcs12 -export -clcerts -in client/client.pem -inkey client/client.key -out client/client.p12 -name Ujwol
Import CA Certificate into CA SPS
Now, for the SPS Apache to trust this self-signed CA and the user certificate issued by it, you will also need to import the CA certificate (public/ca.crt) as below:
(Note: The steps below should import your CA certs into the /apps/ca/secure-proxy/SSL/certs/ca-bundle.cert file as per your current configuration.)
1. Navigate to Proxy Configuration > SSL Config
2. Click Import CA under Embedded Web Server SSL Configuration
Click on Browse button and select the CA certificate. Then, continue clicking Next until the CA certificate is imported successfully.
If there are intermediate CA certificates, repeat the same steps to import them as well.
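
Before importing public/ca.crt, it is worth confirming that the client certificate really chains to that CA and that client.key matches it. The script below is an added example, not part of the original answer: the function names, the subject names and the throwaway directory layout are assumptions, and the demo helper uses 2048-bit keys without a CA passphrase (rather than the 1024-bit, -des3 settings above) so that it runs unattended and because 1024-bit RSA is below current minimum recommendations.

```shell
#!/bin/sh
# Added example: pre-import checks for the files produced by the steps above.
# Paths mirror the answer's layout; function names are hypothetical.

# check_client_cert CA_CRT CLIENT_PEM CLIENT_KEY
# returns 0 = OK, 1 = certificate does not chain to the CA,
#         2 = private key does not match the certificate
check_client_cert() {
    ca=$1; cert=$2; key=$3
    # 1. The client certificate must verify against the CA being imported.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # 2. The public key in the certificate must equal the one derived
    #    from the private key that goes into the .p12 file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# make_demo_pki DIR
# Builds a constructed, throwaway CA and client certificate under DIR using
# the same command sequence as the answer, made non-interactive with -subj.
make_demo_pki() {
    d=$1
    mkdir -p "$d/private" "$d/public" "$d/client"
    openssl genrsa -out "$d/private/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/private/ca.key" \
        -out "$d/public/ca.crt" -days 30 -subj "/CN=Demo Test CA" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -out "$d/client/client.req" -keyout "$d/client/client.key" 2>/dev/null
    # -CAcreateserial creates public/ca.srl on first use; without it the
    # signing step fails when the serial file does not exist yet.
    openssl x509 -req -CA "$d/public/ca.crt" -CAkey "$d/private/ca.key" \
        -CAserial "$d/public/ca.srl" -CAcreateserial \
        -in "$d/client/client.req" -out "$d/client/client.pem" -days 30 2>/dev/null
}

# Usage against the real files from the steps above:
#   check_client_cert public/ca.crt client/client.pem client/client.key
#   echo "result: $?"
```

A non-zero result means the certificate would be rejected by SPS after the import (1) or that the .p12 was built from the wrong key (2).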