SuSE 11 Setup Certificate Authority?

Am following the often referenced
‘Scott Morris SuSEblog’ (

Don’t know if differences between 10.3 (the SuSEblog) and 11 are

Am also trying to reconcile the generic instructions at OpenSSL
‘OpenSSL Certificate Authority Setup’

After following the SuSEblog steps, the certificates generated
(including the CA server certs themselves)continue to generate a “Level
0” error which seems to indicate that the highest level certificates
still aren’t trusted.

The OpenSSL generic instructions seem to address this by running “make
init” which doesn’t seem to apply when OpenSSL is installed from the
OpenSuSE repositories (because those files don’t seem to exist). Also,
there is some comment that once OpenSSL is installed onto a system a
Server certificate for that machine is automatically generated.

I don’t know if that would be the case, and wouldn’t really know where
to look for this. I found the /etc/ssl/ directory which appears to
likely be related to certificates with a certificate repository in the
./certs/ subdirectory, and I also found a ./private/ subdirectory (which
is empty).

Some concrete questions :confused: :

  1. After creating a CA cert and Server Key, should placing it in the
    /etc/ssl/private/ directory be sufficient to create a CA, or are there
    other steps? I’ve tried moving the files to this location without
    effect. :stuck_out_tongue:

  2. Can someone more generally describe the virtual or physical
    architecture of a CA on SuSE? I’m a bit confused because aside from
    there not being any kind of CA application, I’m wondering if there is
    supposed to be pre-assigned paths, directories and possibly a config
    file somewhere that governs how the OS responds and where it either
    looks up CA data physically or virtually.



tsu2’s Profile:
View this thread:


to your questions:

  1. what do you expect? It is your decision where to store you
    certifications and you have to configure the apps accordingly where you
    stored you certificates. Anyway it might be a good decisions not to
    store the private key for the root CA on the same system :wink: Maybe you
    get more infos when following the discussions here ‘Where to put SSL
    Certificates/Key in Suse 11 - openSUSE Forums’
    ( and ‘Creating a CA in openSUSE - openSUSE
    Forums’ (

  2. There is a CA module for YaST and you can also use tinyca2 as a CA
    application. You already found the proposed paths but none of the
    applications will use them automatic. You have to configure every
    application separate so that they will use your certs.

Hope this helps


Monex’s Profile:
View this thread: