The PKI can reside anywhere in the file system. As location was /srv/pki chosen. Everything that is required is created as file or sub directory of this chosen directory.
- Create the home directory /srv/pki and change into this directory
$ mkdir -p /srv/pki
$ cd /srv/pki
- Each certification authority gets its own sub directory. Initial is only the root certification authority created while later intermediate certification authorities are created.
$ mkdir ca-root
- Create a database file index.txt that keeps track of each created certificates of the certification authority
$ touch ca-root/index.txt
- Create a serial number file and initiate it with the starting serial number 00
$ echo 00 >> ca-root/serial
- So far are the following files and directories available
0 drwxr-xr-x 2 root root 3896 Jan 16 19:45 ca-root
0 -rw-r--r-- 1 root root 0 Jan 16 19:45 index.txt
0 -rw-r--r-- 1 root root 3 Jan 16 19:45 serial