OpenSSL second CA
You can find the default openssl folders and files by looking here: openssl default folder and files
Check out the openssl.cnf file to see the default CA settings:

    ####################################################################
    [ ca ]
    default_ca = CA_default # The default ca section

    ####################################################################
    [ CA_default ]

    dir = ./demoCA # Where everything is kept
    certs = $dir/certs # Where the issued certs are kept
    crl_dir = $dir/crl # Where the issued crl are kept
    database = $dir/index.txt # database index file.
    [output omitted]

We can add the settings for a second CA here. For example:

    ####################################################################
    [ ca ]
    default_ca = CA_default # The default ca section

    ####################################################################
    [ CA_second ]

    dir = ./demoCAsecond # Where everything is kept
    private_key = $dir/private/cakey2.pem # The private key

    ####################################################################
    [ CA_default ]

    dir = ./demoCA # Where everything is kept
    certs = $dir/certs # Where the issued certs are kept
    crl_dir = $dir/crl # Where the issued crl are kept
    database = $dir/index.txt # database index file.
    [output omitted]

I only added the dir and private_key, which is enough to demonstrate that we can use a second CA. Save the file, then specify it like this:

    openssl ca -name CA_second
    Using configuration from /usr/lib/ssl/openssl.cnf
    Could not open file or uri for loading CA private key from ./demoCAsecond/private/cakey2.pem

It gives an error about the cakey2.pem file because I didn't create it yet, but this proves that it uses the configuration for the second CA.
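
To take the second CA past that error, its section needs the remaining settings `openssl ca` reads, plus a key and certificate. The script below is an added example, not from the original page: it builds a throwaway config in a temp directory and signs a CSR with `-name CA_second`. Every path, subject and file name other than `CA_second`, `CA_default`, `demoCAsecond` and `cakey2.pem` is an assumption.

```shell
#!/bin/sh
# Added example: every path, subject and file name below is constructed.
# -nodes leaves the keys unencrypted, acceptable only for this throwaway demo.
setup_second_ca() {   # $1 = scratch directory
    d=$1/demoCAsecond
    mkdir -p "$d/private" "$d/newcerts" && chmod 700 "$d/private"
    : > "$d/index.txt"; echo 01 > "$d/serial"
    cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $1/demoCA
private_key = \$dir/private/cakey.pem
[ CA_second ]
dir = $d
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert2.pem
private_key = \$dir/private/cakey2.pem
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed certificate and key for the second CA, then a leaf CSR.
    openssl req -config "$1/openssl.cnf" -x509 -newkey rsa:2048 -nodes \
        -subj "/CN=Second CA" -days 30 \
        -keyout "$d/private/cakey2.pem" -out "$d/cacert2.pem" 2>/dev/null &&
    openssl req -config "$1/openssl.cnf" -new -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
}
issue_with() {   # $1 = CA section name, $2 = scratch directory
    openssl ca -config "$2/openssl.cnf" -name "$1" -batch -notext \
        -in "$2/leaf.csr" -out "$2/leaf.pem" 2>/dev/null || return 1
    openssl x509 -in "$2/leaf.pem" -noout -issuer   # who signed it
}
work=$(mktemp -d)
setup_second_ca "$work" && issue_with CA_second "$work"
```

Calling `issue_with CA_default` on the same directory fails, because that section's key was never created; this is the same situation as the error shown above.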