Question

If you want to set up your own CA, you will most probably create a dedicated folder with appropriate rights where you keep all the necessary files, such as the serial and the index.txt.

Additionally, you might want to keep all received CSRs, and all signed and published certificates. Also there is most probably a .config file for OpenSSL that you want to store inside that folder.

Now my question is, whether there are any best practices or whether there is any common sense in how to structure that CA directory? Should everything just be kept inside one single folder, or does it make more sense to use subfolders? If so, for which items would you create specific subfolders? ...?

Solution

I now organized the ca folder as follows:

ca
+- certs             # Here, the created certificates are stored
+- private           # Permissions locked down to 0700
|  +- ca.key
+- ca.cert
+- index.txt
+- serial
+- openssl.config

I am looking forward to other ideas, anyway.
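
The layout above as a setup script, added here as an example and not part of the original answer: it creates the directories and bookkeeping files and writes an `openssl.config` whose `[ CA_default ]` section points at them. The function names `init_ca_dir` and `check_private_perms`, and the `default_md`, `default_days` and policy values, are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# Create the layout from the answer under $1 without overwriting existing files.
init_ca_dir() {
    ca_root=$1
    mkdir -p "$ca_root/certs" "$ca_root/private" || return 1
    chmod 0700 "$ca_root/private" || return 1      # holds ca.key
    # index.txt starts empty; serial holds the next serial number in hex.
    [ -e "$ca_root/index.txt" ] || : > "$ca_root/index.txt"
    [ -e "$ca_root/serial" ] || echo 01 > "$ca_root/serial"
    [ -e "$ca_root/openssl.config" ] && return 0
    # Assumed minimal settings; a relative 'dir' is resolved from where openssl runs.
    cat > "$ca_root/openssl.config" <<EOF
[ ca ]
default_ca = CA_default

[ CA_default ]
dir           = $ca_root
certs         = \$dir/certs
new_certs_dir = \$dir/certs
database      = \$dir/index.txt
serial        = \$dir/serial
private_key   = \$dir/private/ca.key
certificate   = \$dir/ca.cert
default_md    = sha256
default_days  = 365
policy        = policy_any

[ policy_any ]
commonName = supplied
EOF
}

# Succeed only if private/ and everything directly in it has no group/other bits.
check_private_perms() {
    [ -d "$1/private" ] || return 1
    for p in "$1/private" "$1"/private/*; do
        [ -e "$p" ] || continue
        case $(ls -ld "$p" | cut -c5-10) in
            ------) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Usage: init_ca_dir ./ca && check_private_perms ./ca
```

Running `check_private_perms` after `ca.key` has been generated catches a key file that was written with a permissive umask inside the otherwise locked-down directory.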

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow