openssl ca: open the output file as late as possible

Fixes #6544

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6546)

(cherry picked from commit 63871d9f)