Hi, > I am trying to use openxpki for testing EST enrollment from a device. In the > configuration of the device for my device I need to upload the combined > certificate and private key of the issuing certificate.
This is most certainly not correct. You are either misunderstanding the documentation of the device or its EST implementation is severely broken. > I have been using the default configuration of the openxpki and now have > OpenXPKI Demo Issuing CA as the intermediate CA. > My problem now is that I cannot find the private key for this issuer or > cannot change the issuer. The whole point of a CA software product is to protect the infrastructure keys of the respective Issuing CA. You cannot download it, and for very good reason. > I have tried to change this demo CA by using this command: > openxpkiadm certificate import --file root_CA1.pem \ > --realm democa --token curtsying So you want to perform an Issuing CA Rollover for this use case using a token "curtsying". That does not make sense (unless you have a very special setup). > However, when I approve a certificate signing request the issuer is still > OpenXPKI Demo Issuing CA. Works as designed, the currently active Issuing CA in the PKI Realm issues the requested certificate. Cheers Martin _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
