Hello,

Today I set up my OpenXPKI instance following the Quickstart documentation found here: https://openxpki.readthedocs.io/en/latest/quickstart.html

Everything went smoothly, but there is something that bothers me. In the "Create Issuing CA Token" section, we should see something like the following when executing `openxpkiadm alias --realm <My Realm>`:

    $ openxpkiadm alias --realm democa
    === functional token ===
    scep (scep):
      Alias     : scep-1
      Identifier: YsBNZ7JYTbx89F_-Z4jn_RPFFWo
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2016-01-30 20:44:40

    vault (datasafe):
      Alias     : vault-1
      Identifier: lZILS1l6Km5aIGS6pA7P7azAJic
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2016-01-30 20:44:40

    ca-signer (certsign):
      Alias     : ca-signer-1
      Identifier: Sw_IY7AdoGUp28F_cFEdhbtI9pE
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2018-01-29 20:44:40

    === root ca ===
    current root ca:
      Alias     : root-1
      Identifier: fVrqJAlpotPaisOAsnxa9cglXCc
      NotBefore : 2015-01-30 20:44:39
      NotAfter  : 2020-01-30 20:44:39

    upcoming root ca:
      not set

But when I execute it, here is the output:

    root@OpenXPKI:~# openxpkiadm alias --realm <My Realm>
    === functional token ===
    ca-signer (certsign):
      Alias     : ca-signer-1
      Identifier: EAcWynRnKvuqr3txMCCEofpIUBw
      NotBefore : 2021-04-22 13:42:52
      NotAfter  : 2031-04-20 13:42:52

    vault (datasafe):
      Alias     : vault-1
      Identifier: zbOKQPsIG__VaSmUxmz3gbIecEk
      NotBefore : 2021-04-22 13:45:31
      NotAfter  : 2031-04-20 13:45:31

    scep (scep):
      Alias     : scep-1
      Identifier: Ajiolk0EpqFXVLYpIFH2VJPsuJM
      NotBefore : 2021-04-22 13:48:45
      NotAfter  : 2031-04-20 13:48:45

    === root ca ===
    current root ca:
      not set
    upcoming root ca:
      not set

As said in the doc, ids and times will vary. But what bothers me is the fact that the current root ca is not set. It was imported earlier, as you can see:

    root@OpenXPKI:~# openxpkiadm certificate list --all -v -v
    Certificates in <My Realm>:
      Identifier: Ajiolk0EpqFXVLYpIFH2VJPsuJM
      Alias: scep-1 (in realm: <My Realm>)
      Subject: CN=SCEP Certificate v1,O=<My org>
      Issuer DN: CN=Issuing CA v1,O=<My org>
      Chain: Ajiolk0EpqFXVLYpIFH2VJPsuJM -> EAcWynRnKvuqr3txMCCEofpIUBw -> KU_1utq7QXfgB1UXEm8sCMEYLUs(complete)

      Identifier: EAcWynRnKvuqr3txMCCEofpIUBw
      Alias: ca-signer-1 (in realm: <My Realm>)
      Subject: CN=Issuing CA v1,O=<My org>
      Issuer DN: CN=<My Org> Root CA v1,O=<My org>
      Chain: EAcWynRnKvuqr3txMCCEofpIUBw -> KU_1utq7QXfgB1UXEm8sCMEYLUs(complete)

      Identifier: zbOKQPsIG__VaSmUxmz3gbIecEk
      Alias: vault-1 (in realm: <My realm>)
      Subject: CN=<My Org> PKI DataVault Certificate
      Issuer DN: CN=<My Org> PKI DataVault Certificate
      Chain: zbOKQPsIG__VaSmUxmz3gbIecEk(complete)

      Identifier: KU_1utq7QXfgB1UXEm8sCMEYLUs
      Subject: CN=<My Org> Root CA v1,O=<My Org>
      Issuer DN: <Hidden Subject>
      Chain: KU_1utq7QXfgB1UXEm8sCMEYLUs(complete)

The last certificate is the Root CA. Am I missing something from the doc, or is there something to do?
Is there any impact on the workflows if the Root CA is not set?

Thank you :D

PS: OpenXPKI is great :D
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users