Am following the often referenced
Scott Morris SuSEblog

Don't know if differences between 10.3 (the SuSEblog) and 11 are significant.

Am also trying to reconcile the generic instructions at OpenSSL
OpenSSL Certificate Authority Setup

After following the SuSEblog steps, the certificates generated (including the CA server certs themselves)continue to generate a "Level 0" error which seems to indicate that the highest level certificates still aren't trusted.

The OpenSSL generic instructions seem to address this by running "make init" which doesn't seem to apply when OpenSSL is installed from the OpenSuSE repositories (because those files don't seem to exist). Also, there is some comment that once OpenSSL is installed onto a system a Server certificate for that machine is automatically generated.

I don't know if that would be the case, and wouldn't really know where to look for this. I found the /etc/ssl/ directory which appears to likely be related to certificates with a certificate repository in the ./certs/ subdirectory, and I also found a ./private/ subdirectory (which is empty).

Some concrete questions :
1. After creating a CA cert and Server Key, should placing it in the /etc/ssl/private/ directory be sufficient to create a CA, or are there other steps? I've tried moving the files to this location without effect.

2. Can someone more generally describe the virtual or physical architecture of a CA on SuSE? I'm a bit confused because aside from there not being any kind of CA application, I'm wondering if there is supposed to be pre-assigned paths, directories and possibly a config file somewhere that governs how the OS responds and where it either looks up CA data physically or virtually.

TIA.