Am 02.10.2014 um 17:23 schrieb Christian Huldt: > I found the problem... > > I had edited the sampleconfig.sh to change all > "/DC=ORG/DC=OpenXPKI/OU=Test CA/CN=CA ONE" (and passwords as I don't > want it easy for others even if I'm just taking it for a spin), but the > created csr still had those in the subject... > > Sorry for the noise (and being blind as I didn't chjeck the csr properly) > > Should I wipe the database and ca-one before trying to manually set up a > new CA or can the be done "while running"?
It depends what you mean with "new ca" and where exactly the error was. If your ca-signer certificate was broken und you want to add a new signer to this realm, you need at least to deregister the current signer token with openxpkiadm alias --remove --alias ca-one-signer-1 --realm ca-one Otherwise you will run into the same error the next time your CRL is due for renewal. If you want to set up a complete new realm, you can leave the old one untouched. Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
