Certificate Authority Setup

Files

Certificate Authority Files

Location                Purpose
/root/ca/root           Root CA data
/root/ca/inter          Intermediate CA data
/root/ca/inter/certs    Certificates signed by Intermediate CA
/root/ca/inter/crl      Certificate Revocation List for Intermediate CA
/root/ca/pfx            Exported and encrypted PKCS#12 pfx files for client distribution


Set up the basic directory structure required to operate a CA for client authentication and revocation lists:
mkdir -p /root/ca/root/{certs,crl,newcerts,private} /root/ca/inter/{certs,crl,csr,newcerts,private} /root/ca/pfx
chmod 0700 /root/ca/{root,inter}/private
touch /root/ca/{root,inter}/index.txt
echo 1000 | tee /root/ca/root/serial /root/ca/inter/serial
echo 'unique_subject = no' | tee /root/ca/root/index.txt.attr /root/ca/inter/index.txt.attr
echo 1000 > /root/ca/inter/crlnumber

Note

Assumes all CA data will be stored in /root/.
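
Added example, not part of the original page: a POSIX shell check that audits the tree created by the commands above (directories present, private key directories owner-only, index/attribute/counter files in place). The names check_ca_layout and _ca_fail are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Added example: audit a CA tree laid out as described on this page.
# Usage (after sourcing this file): check_ca_layout /root/ca
# Prints one "FAIL:" line per problem; returns 0 only if nothing is wrong.

# Helper (hypothetical name): report a problem and count it.
_ca_fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

check_ca_layout() {
    base=$1
    problems=0

    # Every directory the setup commands create.
    for d in root/certs root/crl root/newcerts root/private \
             inter/certs inter/crl inter/csr inter/newcerts inter/private pfx; do
        [ -d "$base/$d" ] || _ca_fail "missing directory $base/$d"
    done

    # Private key directories must be owner-only (chmod 0700).
    for ca in root inter; do
        p="$base/$ca/private"
        [ -d "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c1-10)
        [ "$mode" = "drwx------" ] || _ca_fail "$p is $mode, expected drwx------"
    done

    # Certificate database and its attribute file, per CA.
    for ca in root inter; do
        [ -f "$base/$ca/index.txt" ] || _ca_fail "missing $base/$ca/index.txt"
        grep -q '^unique_subject = no$' "$base/$ca/index.txt.attr" 2>/dev/null ||
            _ca_fail "$base/$ca/index.txt.attr lacks 'unique_subject = no'"
    done

    # Serial and CRL counters must exist and hold a hexadecimal value.
    for f in root/serial inter/serial inter/crlnumber; do
        grep -Eq '^[0-9A-Fa-f]+$' "$base/$f" 2>/dev/null ||
            _ca_fail "$base/$f missing or not hexadecimal"
    done

    [ "$problems" -eq 0 ]
}
```

Run it again after any restore or migration of the CA directory, since a copy that does not preserve modes is the usual way the private directories end up readable by other users.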