Hello, Sorry, it is working. I was downloading the chain incorrectly.
Regards On Thu, Jul 25, 2024 at 7:53 AM Oliver Welter <m...@oliwel.de> wrote: > Hi Alaa, > > in which chain dont you see the root ? The "primary" views will always > show the parent signer certificate which is SignerCA1 in your case but in > the background the chain is there and it should also be delivered by all > download options. > > Oliver > On 24.07.24 11:39, Alaa Hilal wrote: > > Hello, > > I followed the above approach. but the rootCA is not showing in the chain. > the top of the chain is showing to be the signingCA from server1. > Am I doing anything wrong? > > Regards, > Alaa > > On Wed, Jul 24, 2024 at 8:37 AM Alaa Hilal <alaahi...@gmail.com> wrote: > >> Hello, >> >> Thanks for the clarification I can import them one by one. So can I >> follow this process on server 2? >> 1- import rootCA >> 2- openxpkiadm certificate import --file root.crt >> 3- import signingCA from server1 --> here i import it same way? openxpkiadm >> certificate import --file signingCAserver1.crt >> 4- create a key and csr for server2 signing ca and sign it with server 1 >> pki >> 5- create token for the signingca of server 2 >> .... >> >> Does this sound right? >> >> Best regards, >> >> On Wed, Jul 24, 2024 at 8:27 AM Martin Bartosch via OpenXPKI-users < >> openxpki-users@lists.sourceforge.net> wrote: >> >>> Hi, >>> >>> > I am trying to install 2 instances of openxpki. For the first instance >>> I followed the quicksetup in the docs and every thing is working fine: >>> > Root CA --> Signing CA (server 1) --> certificate >>> > >>> > For the second instance I would like to set it up in a way that it is >>> under server 1 in the hierarchy. That is I am trying the chain to look as >>> follows: >>> > Root CA --> Signing CA (server1) --> signing CA (server 2) --> >>> certificate >>> > >>> > Are there any special instructions that I should follow? >>> > I am thinking of importing the chain of Root CA --> Signing CA (server >>> 1) as the root certificate of installation 2. would that work? >>> >>> OpenXPKI does not make assumptions on the logical architecture of the >>> PKI and allows to build any logical topology. >>> >>> The only actively enforced requirement is that when importing a CA >>> Signer certificate as as signer token into a PKI Realm the system must be >>> able to build the certificate chain up to a trusted Root CA Certificate. >>> This effectively means that you will have to start importing the Root CA >>> and all necessary intermediate CA certificates in top-down order first into >>> OpenXPKI. >>> >>> Cheers >>> >>> Martin >>> >>> >>> >>> >>> >>> _______________________________________________ >>> OpenXPKI-users mailing list >>> OpenXPKI-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/openxpki-users >>> >> > > _______________________________________________ > OpenXPKI-users mailing > listOpenXPKI-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/openxpki-users > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
