Glad you got it figured out. For managing a local CA, I like the easy-rsa shell utilities, which are a little easier than doing all the openssl commands directly or worrying about serial/index files.