Where should newly created certs go?

Damien Hull
Here's what I'm running
1. Fedora Core 4
2. Configs are in /etc/pki/tls
3. root cert was placed in /etc/pki/CA

THE PROBLEM
According to /etc/pki/tls/openssl.cnf everything should be placed in
/etc/pki/CA. There are different directories in /etc/pki/CA for keys,
certs etc... When I created the root CA cert it was placed in
/etc/pki/CA. Every cert I've created since then gets placed in the
directory I'm in. Why? Shouldn't they go in the /etc/pki/CA directory?

Here's the part of openssl.cnf that I think should place things in
/etc/pki/CA. I'm hoping someone can tell me what I'm doing wrong.

    ####################################################################
    [ ca ]
    default_ca      = CA_default            # The default ca section

    ####################################################################
    [ CA_default ]

    dir             = /etc/pki/CA           # Where everything is kept
    certs           = /etc/pki/CA/certs             # Where the issued certs are kept
    crl_dir         = /etc/pki/CA/crl               # Where the issued crl are kept
    database        = /etc/pki/CA/index.txt # database index file.
    #unique_subject = no                    # Set to 'no' to allow creation of
                                            # several certificates with same subject.
    new_certs_dir   = /etc/pki/CA/newcerts          # default place for new certs.

    certificate     = /etc/pki/CA/cacert.pem        # The CA certificate
    serial          = /etc/pki/CA/serial            # The current serial number
    #crlnumber      = /etc/pki/CA/crlnumber # the current crl number must be
                                            # commented out to leave a V1 CRL
    crl             = /etc/pki/CA/crl.pem           # The current CRL
    private_key     = /etc/pki/CA/private/cakey.pem # The private key
    RANDFILE        = /etc/pki/CA/private/.rand     # private random number file





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]