-
Create a working directory under /opt/rootCA (you can put this anywhere it really doesn’t matter but you should secure this). Also create the following subdirectories: private, certs, newcerts.
-
Change the permissions on the new rootCA folder so that it’s read-only for everyone else but your user
chmod -R 700 /opt/rootCA