sudo mkdir -p /root/ca/{certs,crl,csr,newcerts,private} sudo setfacl -d -m u::rx -m g::- -m o::- /root/ca/private sudo setfacl -d -m u::rx -m g::rx -m o::rx /root/ca/certs sudo chmod 700 /root/ca/private sudo touch /root/ca/index.txt sudo tee /root/ca/serial <<< 1000