Preparing the Certificate Environment

Installing OpenSSL

The openssl command line utility is used by the Requesting Party (to create Certificate Signing Requests) and also by the Certificate Authority which then grants the certificates. It can be built manually from source code or installed using the Chocolatey package manager on the command line:

PS> choco install openssl

Setting-up the Environment for the Certificate Authority

In preparation for the following pages the directory structure to manage key pairs, certificate signing requests, signed certificates, etc. needs to be set up. For this, execute these commands one-by-one:

PS> cd d:\
PS> New-Item -ItemType "directory" -Path . -Name "certificate-environment"
PS> cd certificate-environment
PS> New-Item -ItemType "directory" -Path . -Name "certificate-authority"
PS> New-Item -ItemType "directory" -Path . -Name "requesting-party"
PS> cd requesting-party
PS> New-Item -ItemType "directory" -Path "certs", "csr", "private"
PS> cd ../certificate-authority
PS> New-Item -ItemType "directory" -Path "certs", "crl", "csr", "newcerts", "private"
PS> New-Item -ItemType "file" -Name "serial" -Value "1000"
PS> New-Item -ItemType "file" -Name "index.txt"

These commands create the following directory structure on your D: drive:

┣━ certificate-environment/
┃  ┣━ root_ca/
┃  ┃  ┣━ certs/
┃  ┃  ┣━ crl/
┃  ┃  ┣━ csr/
┃  ┃  ┣━ newcerts/
┃  ┃  ┣━ private/
┃  ┃  ┣━ public/
┃  ┃  ┣━ index.txt
┃  ┃  ┗━ serial
┃  ┗━ requesting-party/
┃  ┃  ┣━ certs/
┃  ┃  ┗━ csr/
┃  ┃  ┣━ private/

Continue Reading

With the environment for the Certificate Authority set-up, you can add the Configuration Files.