Reputation: 150634
How to structure a CA directory for usage with OpenSSL?
If you want to set up your own CA, you will most probably create a dedicated folder with appropriate rights where you keep all the necessary files, such as the serial and the index.txt.
Additionally, you might want to keep all received CSRs, and all signed and published certificates. Also there is most probably a .config file for OpenSSL that you want to store inside that folder.
Now my question is, whether there are any best practices or whether there is any common sense in how to structure that CA directory? Should everything just be kept inside one single folder, or does it make more sense to use subfolders? If so, for which items would you create specific subfolders? ...?
Upvotes: 3
Views: 1974
Answers (1)
Reputation: 150634
I now organized the ca folder as follows:
ca
+- certs # Here, the created certificates are stored
+- private # Permissions locked down to 0700
| +- ca.key
+- ca.cert
+- index.txt
+- serial
+- openssl.config
I am looking forward to other ideas, anyway.
Upvotes: 3
Related Questions
- Signing a certificate with my CA
- How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
- OpenSSL as a CA without touching the certs/crl/index/etc environment
- Per-directory CA in httpd 2.4 (mod_ssl)
- OpenSSL: Create a self-signed CA with many intermediate certificate levels
- How to correctly distribute root-CA's?
- SSL Certificate: how to setup CA to deal with certificate chain?
- Using OpenSSL and Want to use multiple CA_DIRs for load verify locations
- Creating your own ca with open ssl in windows
- Creating SSL sertificate with trusted CA