Hi, Thank you so much for the response and explanation. Using this command: openxpkiadm certificate import --file root_CA1.pem --realm democa --token curtsying I have added a new token for signing and now I cannot undo it and it is causing this exception for issuing the crl: Certificate signing token is not online
Can u please guide me on how I can change the signing token back to what it was (the default Demo Issuing CA)? Regards, Romina ________________________________ From: Martin Bartosch via OpenXPKI-users <openxpki-users@lists.sourceforge.net> Sent: 28 October 2024 16:26 To: openxpki-users@lists.sourceforge.net <openxpki-users@lists.sourceforge.net> Cc: Martin Bartosch <vc-...@cynops.de> Subject: Re: [OpenXPKI-users] Private key of the issuing certificate Hi, > I am trying to use openxpki for testing EST enrollment from a device. In the > configuration of the device for my device I need to upload the combined > certificate and private key of the issuing certificate. This is most certainly not correct. You are either misunderstanding the documentation of the device or its EST implementation is severely broken. > I have been using the default configuration of the openxpki and now have > OpenXPKI Demo Issuing CA as the intermediate CA. > My problem now is that I cannot find the private key for this issuer or > cannot change the issuer. The whole point of a CA software product is to protect the infrastructure keys of the respective Issuing CA. You cannot download it, and for very good reason. > I have tried to change this demo CA by using this command: > openxpkiadm certificate import --file root_CA1.pem \ > --realm democa --token curtsying So you want to perform an Issuing CA Rollover for this use case using a token "curtsying". That does not make sense (unless you have a very special setup). > However, when I approve a certificate signing request the issuer is still > OpenXPKI Demo Issuing CA. Works as designed, the currently active Issuing CA in the PKI Realm issues the requested certificate. Cheers Martin _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
