Hi, > I am trying to install 2 instances of openxpki. For the first instance I > followed the quicksetup in the docs and every thing is working fine: > Root CA --> Signing CA (server 1) --> certificate > > For the second instance I would like to set it up in a way that it is under > server 1 in the hierarchy. That is I am trying the chain to look as follows: > Root CA --> Signing CA (server1) --> signing CA (server 2) --> certificate > > Are there any special instructions that I should follow? > I am thinking of importing the chain of Root CA --> Signing CA (server 1) as > the root certificate of installation 2. would that work?
OpenXPKI does not make assumptions on the logical architecture of the PKI and allows to build any logical topology. The only actively enforced requirement is that when importing a CA Signer certificate as as signer token into a PKI Realm the system must be able to build the certificate chain up to a trusted Root CA Certificate. This effectively means that you will have to start importing the Root CA and all necessary intermediate CA certificates in top-down order first into OpenXPKI. Cheers Martin _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
