Re: [OpenXPKI-users] Managed PKI materials

Mon, 12 Feb 2007 07:13:12 -0800 

Hi Robert,

On Mon, Feb 12, 2007 at 03:13:02PM +0100, Robert LISIAK wrote:
> Bonjour Alex,
> Accordingly to your advice I have set up
> - - token.xml  - OK!? (I'm not really sure)
>     <token id="my_CA.org" super="../token{default}">
>          <!-- CA key (PEM encoded) -->
>          <key>/usr/etc/openxpki/ca/my_CA.org/cakey.pem</key>
>          <!-- CA passphrase fragments -->
>          <secret>my_CA.org_passphrase</secret>
This should not be your passphrase, but a reference to a secret group
identifier configured in config.xml. For example, if you use 'default',
you should be just fine.

> - - Imported existing CA keys – OK ! (cmd. openxpkiadm certificate list
> - --all –v shows my CA key)
does it show it without --all, though? It should be there if you set the
aliases correctly.

> but when I logon to OpenXpki as “operator” and I'm looking for my CA key
> in List issuing CAs of  CA Info I can see only the NOT Usable
> testdummyca1&2.
Try setting the secret as described above and logging in as root
(Operator stack). You should be able to unlock your CA key from within
the webinterface then (after doing the things I mention below).

> I remember that you wrote me about the config.xml also but I do not know
> what to do exactly.
> 
> It would seem that I have to change or to replace all "testdummyca1" by
> "my_CA.org" is exact ???
Well, there are four occurences of testdummyca1 in the config.xml file.
The first one is the ca id, which is an internal identifier, which you
can set to whatever you like, the second is the reference to the token,
which should be myCA.org if you defined this as the token name in
token.xml, the next one is the alias, which should match the alias you
used in openxpkiadm certificate alias, and the last one is the CRL
location, which just needs to point to a valid directory.
In summary: Replace those as you see it fit ...

Regards,
    Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer
        [EMAIL PROTECTED] | working @ urn:oid:1.3.6.1.4.1.11417

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to