The PKI can reside anywhere in the file system. As location was /srv/pki chosen. Everything that is required is created as file or sub directory of this chosen directory.
- Create the home directory /srv/pki and change into this directory
$ mkdir -p /srv/pki
$ cd /srv/pki
- Each certification authority gets its own sub directory. Initial is only the root certification authority created while later intermediate certification authorities are created.
$ mkdir ca-root - Create a database file index.txt that keeps track of each created certificates of the certification authority
$ touch ca-root/index.txt - Create a serial number file and initiate it with the starting serial number 00
$touch ca-root/serial
$ echo 00 >> ca-root/serial - So far are the following files and directories available
.:
total 0
0 drwxr-xr-x 2 root root 3896 Jan 16 19:45 ca-root./ca-root:
total 0
0 -rw-r--r-- 1 root root 0 Jan 16 19:45 index.txt
0 -rw-r--r-- 1 root root 3 Jan 16 19:45 serial