Creating the Directories and Configuration Files for Your CA

To create your CA using OpenSSL, you must create directories to store important files for the CA, such as the server's private keys, certificates that have been signed, and so on. In addition, you must create the files that track the certificates that have been created, and an OpenSSL configuration file for your CA.

To Create the Directories and Files for the CA

1. Using Windows Explorer or the UNIX Terminal, as applicable, create the following directories:

   Directory	Folder name
   A root directory for the CA.	A name of your choice. For example, devCA
   A subdirectory to store the CA's private key	private For example, devCA/private
   A subdirectory to store new certificates issued by the CA	certs For example, devCA/certs
   A subdirectory to store the new certificates in an unencrypted format	newcerts For example, devCA/newcerts

2. In the root directory for the CA, use a text editor to create the following files:

   Filename	Description
   serial(no extension)	Contains the serial number for the next certificate. When you create the file, you must add the serial number for the first certificate. For example, 01.
   index.txt	Used as a database to track certificates that have been issued.

3. Depending on your platform, do one of the following:
   • Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.

     The default installation folder may depend on the distribution you are using. For example, for Red Hat Enterprise Linux, the default folder is /etc/pki/tls.

   • Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is C:\OpenSSL-Win32\bin.
4. Create a copy of the OpenSSL configuration file openssl.cnf, and paste it in the root directory you created for your CA. Use a different file name, for example, openssl.dev.cnf.