This initial configuration procedure assumes that you are executing it on Linux

  • Create a special user named ‘ca’. Its home directory will hold the data. It must protected carefully. For example:
groupadd -g 2000 ca
useradd -g 2000 -u 2000 -m -s /bin/bash ca
chmod 700 /home/ca
  • Change the variable dir in /etc/ssl/openssl.cnf for the home directory of the ca user just created.
  • The default values used for the certifcate requests can be changed in /etc/openssl.cnf such as countryName_default, stateOrProvinceName_default and 0.organizationName_default
  • Logon with the user ca
  • mkdir private certs reqs
  • chmod 700 private certs reqs