Hello,

I followed the above approach, but the rootCA is not showing in the chain. The top of the chain is showing to be the signingCA from server1. Am I doing anything wrong?

Regards,
Alaa

On Wed, Jul 24, 2024 at 8:37 AM Alaa Hilal <alaahi...@gmail.com> wrote:

> Hello,
>
> Thanks for the clarification I can import them one by one. So can I follow this process on server 2?
> 1- import rootCA
> 2- openxpkiadm certificate import --file root.crt
> 3- import signingCA from server1 --> here I import it same way? openxpkiadm certificate import --file signingCAserver1.crt
> 4- create a key and csr for server2 signing ca and sign it with server 1 pki
> 5- create token for the signingca of server 2
> ....
>
> Does this sound right?
>
> Best regards,
>
> On Wed, Jul 24, 2024 at 8:27 AM Martin Bartosch via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote:
>
>> Hi,
>>
>> > I am trying to install 2 instances of openxpki. For the first instance I followed the quicksetup in the docs and everything is working fine:
>> > Root CA --> Signing CA (server 1) --> certificate
>> >
>> > For the second instance I would like to set it up in a way that it is under server 1 in the hierarchy. That is I am trying the chain to look as follows:
>> > Root CA --> Signing CA (server1) --> signing CA (server 2) --> certificate
>> >
>> > Are there any special instructions that I should follow?
>> > I am thinking of importing the chain of Root CA --> Signing CA (server 1) as the root certificate of installation 2. Would that work?
>>
>> OpenXPKI does not make assumptions on the logical architecture of the PKI and allows you to build any logical topology.
>>
>> The only actively enforced requirement is that when importing a CA Signer certificate as a signer token into a PKI Realm the system must be able to build the certificate chain up to a trusted Root CA Certificate. This effectively means that you will have to start importing the Root CA and all necessary intermediate CA certificates in top-down order first into OpenXPKI.
>>
>> Cheers
>>
>> Martin
>>
>> _______________________________________________
>> OpenXPKI-users mailing list
>> OpenXPKI-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
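
The top-down import rule discussed in this thread, as an added example that is not part of the thread and not OpenXPKI code: it orders a set of CA certificates for import and shows where a chain stops when the root is missing from the set. Assumptions: certificates are reduced to constructed (subject, issuer) name pairs; real chain building also verifies signatures and key identifiers.

```python
from collections import defaultdict, deque

def plan_import(certs):
    """certs: (subject, issuer) pairs in any order.
    Returns (order, unchained): subjects in top-down import order, and
    subjects whose chain never reaches a self-signed root in the set."""
    children, roots = defaultdict(list), []
    for subject, issuer in certs:
        if subject == issuer:
            roots.append(subject)              # self-signed: trust anchor
        else:
            children[issuer].append(subject)
    order, seen, queue = [], set(), deque(roots)
    while queue:                               # breadth-first: issuer before issued
        subject = queue.popleft()
        if subject in seen:
            continue
        seen.add(subject)
        order.append(subject)
        queue.extend(children[subject])
    unchained = [s for s, _ in certs if s not in seen]
    return order, unchained

def chain_of(subject, certs):
    """Walk issuer links upward from subject using only certs in the set.
    Returns (chain, complete); complete is True only if the top is self-signed."""
    issuer_of = dict(certs)
    chain = [subject]
    while True:
        issuer = issuer_of.get(chain[-1])
        if issuer not in issuer_of or issuer in chain:   # missing issuer, root, or loop
            break
        chain.append(issuer)
    return chain, issuer_of.get(chain[-1]) == chain[-1]

# Constructed sample names mirroring the hierarchy in the thread.
ROOT, CA1, CA2 = "Root CA", "Signing CA (server1)", "Signing CA (server2)"
FULL = [(CA2, CA1), (CA1, ROOT), (ROOT, ROOT)]   # deliberately listed bottom-up
NO_ROOT = [(CA2, CA1), (CA1, ROOT)]              # root certificate not in the set

if __name__ == "__main__":
    print(plan_import(FULL))        # import order, nothing unchained
    print(chain_of(CA2, FULL))      # chain reaches the root
    print(plan_import(NO_ROOT))     # nothing importable, both CAs unchained
    print(chain_of(CA2, NO_ROOT))   # chain stops at the server1 signing CA
```
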