Hello, Thanks for the clarification I can import them one by one. So can I follow this process on server 2? 1- import rootCA 2- openxpkiadm certificate import --file root.crt 3- import signingCA from server1 --> here i import it same way? openxpkiadm certificate import --file signingCAserver1.crt 4- create a key and csr for server2 signing ca and sign it with server 1 pki 5- create token for the signingca of server 2 ....
Does this sound right? Best regards, On Wed, Jul 24, 2024 at 8:27 AM Martin Bartosch via OpenXPKI-users < openxpki-users@lists.sourceforge.net> wrote: > Hi, > > > I am trying to install 2 instances of openxpki. For the first instance I > followed the quicksetup in the docs and every thing is working fine: > > Root CA --> Signing CA (server 1) --> certificate > > > > For the second instance I would like to set it up in a way that it is > under server 1 in the hierarchy. That is I am trying the chain to look as > follows: > > Root CA --> Signing CA (server1) --> signing CA (server 2) --> > certificate > > > > Are there any special instructions that I should follow? > > I am thinking of importing the chain of Root CA --> Signing CA (server > 1) as the root certificate of installation 2. would that work? > > OpenXPKI does not make assumptions on the logical architecture of the PKI > and allows to build any logical topology. > > The only actively enforced requirement is that when importing a CA Signer > certificate as as signer token into a PKI Realm the system must be able to > build the certificate chain up to a trusted Root CA Certificate. This > effectively means that you will have to start importing the Root CA and all > necessary intermediate CA certificates in top-down order first into > OpenXPKI. > > Cheers > > Martin > > > > > > _______________________________________________ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
