The PKI can reside anywhere in the file system. As location was /srv/pki chosen. Everything that is required is created as file or sub directory of this chosen directory.

  1. Create the home directory /srv/pki and change into this directory
    $ mkdir -p /srv/pki
    $ cd /srv/pki
  2. Each certification authority gets its own sub directory. Initial is only the root certification authority created while later intermediate certification authorities are created.
    $ mkdir ca-root
  3. Create a database file index.txt that keeps track of each created certificates of the certification authority
    $ touch ca-root/index.txt
  4. Create a serial number file and initiate it with the starting serial number 00
    $touch ca-root/serial
    $ echo 00 >> ca-root/serial
  5. So far are the following files and directories available
    total 0
    0 drwxr-xr-x 2 root root 3896 Jan 16 19:45 ca-root

    total 0
    0 -rw-r--r-- 1 root root 0 Jan 16 19:45 index.txt
    0 -rw-r--r-- 1 root root 3 Jan 16 19:45 serial