How to create my own self signed certificate chain?

--Refer to https://superuser.com/questions/126121/how-to-create-my-own-certificate-chain for detail.

--like ROOT -> A -> B -> C

ROOT certificate is:

openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.crt

Certificate A is created like this:

openssl genrsa -out clientA.key 1024
openssl req -new -key clientA.key -out clientA.csr
openssl ca -in clientA.csr -out clientA.crt

Certificate B is created like this:

# Create a certificate request
openssl req -new -keyout B.key -out B.request -days 365

# Create and sign the certificate
openssl ca -policy policy_anything -keyfile A.key -cert A.crt-out B.crt -infiles B.request

openssl.cnf file:

[ usr_cert ]
basicConstraints=CA:TRUE # prev value was FALSE