OpenSSL initial configuration

This initial configuration procedure assumes that you are executing it on Linux

• Create a special user named ‘ca’. Its home directory will hold the data. It must protected carefully. For example:

groupadd -g 2000 ca useradd -g 2000 -u 2000 -m -s /bin/bash ca chmod 700 /home/ca

• Change the variable dir in /etc/ssl/openssl.cnf for the home directory of the ca user just created.
• The default values used for the certifcate requests can be changed in /etc/openssl.cnf such as countryName_default, stateOrProvinceName_default and 0.organizationName_default
• Logon with the user ca
• mkdir private certs reqs
• chmod 700 private certs reqs