MicroStrategy ONE
Creating the Directories and Configuration Files for Your CA
To create your CA using OpenSSL, you must create directories to store important files for the CA, such as the server's private keys, certificates that have been signed, and so on. In addition, you must create the files that track the certificates that have been created, and an OpenSSL configuration file for your CA.
To Create the Directories and Files for the CA
- Using Windows Explorer or the UNIX Terminal, as applicable, create the following directories:
Directory
Folder name
A root directory for the CA.
A name of your choice. For example,
devCA
A subdirectory to store the CA's private key
private
For example,
devCA/private
A subdirectory to store new certificates issued by the CA
certs
For example,
devCA/certs
A subdirectory to store the new certificates in an unencrypted format
newcerts
For example,
devCA/newcerts
- In the root directory for the CA, use a text editor to create the following files:
Filename
Description
serial
(no extension)Contains the serial number for the next certificate. When you create the file, you must add the serial number for the first certificate. For example,
01
.index.txt
Used as a database to track certificates that have been issued.
- Depending on your platform, do one of the following:
- Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.
The default installation folder may depend on the distribution you are using. For example, for Red Hat Enterprise Linux, the default folder is
/etc/pki/tls
. - Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is
C:\OpenSSL-Win32\bin
.
- Linux: Open a terminal window, and navigate to the location where OpenSSL is installed.
- Create a copy of the OpenSSL configuration file
openssl.cnf
, and paste it in the root directory you created for your CA. Use a different file name, for example,openssl.dev.cnf
.