diff --git a/nova/CA/geninter.sh b/nova/CA/geninter.sh
index 1fbcc9e73eee..4b7f5a55c7cc 100755
--- a/nova/CA/geninter.sh
+++ b/nova/CA/geninter.sh
@@ -23,7 +23,7 @@ mkdir -p projects/$NAME
 cd projects/$NAME
 cp ../../openssl.cnf.tmpl openssl.cnf
 sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
-mkdir certs crl newcerts private
+mkdir -p certs crl newcerts private
 openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
 echo "10" > serial
 touch index.txt
diff --git a/nova/CA/genrootca.sh b/nova/CA/genrootca.sh
index 8f2c3ee3fe7a..091cf17fcb9e 100755
--- a/nova/CA/genrootca.sh
+++ b/nova/CA/genrootca.sh
@@ -20,8 +20,9 @@ if [ -f "cacert.pem" ];
 then
     echo "Not installing, it's already done."
 else
-    cp openssl.cnf.tmpl openssl.cnf
+    cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
     sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
+    mkdir -p certs crl newcerts private
     openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
     touch index.txt
     echo "10" > serial
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index f119bd75cac0..5d6d9537a0b3 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -110,6 +110,7 @@ class CloudController(object):
                                              'genrootca.sh')
 
             start = os.getcwd()
+            os.makedirs(FLAGS.ca_path)
             os.chdir(FLAGS.ca_path)
             # TODO(vish): Do this with M2Crypto instead
             utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path)