Hi,
if you need a lightweight command line CA tool, you might want to try
https://github.com/openxpki/clca
Oliver
On 27.09.23 10:30, 中島元晴 wrote:
Hi Oliver.
Thanks for letting me know.
We have discovered that it is not as straightforward as OPENSSL.
2023年9月26日(火) 15:36 Oliver Welter <[email protected]>:
Hi,
OpenXPKI does not provide a command line tool to sign certificates
- anything in OpenXPKI is backed by a workflow, you can in theory
run a workflow directly from the console using "openxpkicmd" but
this will not help you without having developed a suitable
workflow for this matter. If you want to automate things, I would
suggest to use the RPC interface which is documented quite well on
the RTD pages.
Oliver
On 26.09.23 03:21, 中島元晴 wrote:
Hello.
I am new to OpenXpki, and I have followed the instructions on
this page
(https://openxpki.readthedocs.io/en/latest/quickstart.html#debian-builds)
to build it to the point where it functions in a web browser.
I would like to replace the shell script that creates client
certificates with OpenSSL with OpenXpki.
===============================================================================================================
#! /bin/bash
COMMON_NAME="$1"
mkdir -p "/etc/ssl/client/$COMMON_NAME"
cd "/etc/ssl/client/$COMMON_NAME"
DAYS=730
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj
"/CN=$COMMON_NAME/O=XXXX./ST=XXX/C=XX"
openssl x509 -req -in client.csr -CA /etc/ssl/CA/cacert.pem
-CAkey /etc/ssl/CA/private/cakey.pem -CAcreateserial -out
client.crt -days "$DAYS"
cat client.key client.crt /etc/ssl/CA/cacert.pem | openssl pkcs12
-export -out "$COMMON_NAME.p12" -passout pass:"$COMMON_NAME"
rm -fr client*.
===============================================================================================================
I have tried to execute the command for this purpose, but the
client certificate is not being created.
For example:
openxpkiadm certificate sign --req client.csr --profile
/etc/openxpki/config.d/realm/CA/profile/default.yaml --out client.crt
Could you please provide some guidance or advice on this matter?
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
