Hello, you need to add "--realm 'name of realm' --token certsign" for the signer cert.
So I your case " openxpkiadm certificate import --file issuing_ad_01 --realm 'name of realm' --token certsign ". Replace 'name of realm' with the name of your realm ;) Mit freundlichen Grüßen / Best regards Andreas Krieger -----Ursprüngliche Nachricht----- Von: Gabriel Sailer [mailto:[email protected]] Gesendet: Mittwoch, 14. Dezember 2016 21:08 An: [email protected] Betreff: Re: [OpenXPKI-users] How to configure openXPKI as issuing CA? Hello Oliver, that is what i have done. I copied the ca_one directory at config.d/realm to a new one issuing_ad_01. Then i create at the ssl directory also a sub directory issuing_ad_01 and copied the root certificate the (signed) issuing certificate and the private key in this directory. After the import of the root CA certificate (openxpkiadm certificate import --file root_ad_01) and the issuing certificate (openxpkiadm certificate import --file issuing_ad_01) i have no realm for this certificate. How did the certificate match to the created realm directory at config.d/realm/issuing_ad_01? I looked at the script diliverd with the debian package, but i can not see an command which do the binding for that. Many thanks Gabs ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
