Dear OpenXPKI users,I have a domain with a PKI. I'm using OpenXPKI in production to create certificates. I'm using the PKI to authenticate VPN users and intra-VPN web servers.
Unfortunately, due to a mistake on my side, I had to create a separate intermediate CA for my VPN, and a CA for everything else.
I do have two Intermediate CA now : - CN=MyOrg Intermediate CA v1,O=MyOrg imported as ca-signer-1 in OpenXPKI- CN=MyOrg Intermediate VPN CA v1,O=MyOrg imported as ca-signer-2 in OpenXPKI
I did create one profile for my VPN users on my realm, and one for servers. Every certificate is in the following format : CN=<VPN User/Server>,OU=VPN,O=MyOrg.
Recently, I had to issue multiples VPN certificates. My users made their requests, and everything went well. But today, I need to issue a certificate for a TLS Server, but not signed with the VPN ICA.
When I made the request/approve it (I made it as an operator), I did not see any field/button where I can choose the signing CA ? Is there something to change in the configuration (Having a field like this in the YAML profile would be a nice feature) or am I missing something in the UI ? I issued a certificate that I had to revoke because the wrong ICA was used.
Do I need a separate realm ? Thanks in advance :D Grégory Widmer -- *Grégory Widmer* /[email protected]/ DevOps, System Administrator and Network Administrator PGP Fingerprint : 0x15DF 085D 9BED 6686 24AB E069 D69A 8416 9D1A 9CA8
smime.p7s
Description: Signature cryptographique S/MIME
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
