Hi Oli,

Thanks for your quick response.
I believe my progress is in the right direction. But I'm still missing
something :)

With the right command, I was able to add a group/alias for my root
certificate
-> openxpkiadm alias --realm democa --identifier 8SUUyO2hC4SCeehX2VjsTSMGQj8 --group goroot

And I'm able to see it with the openxpkiadm certificate list command:
=== anonymous groups ===
goroot:
  Alias     : goroot-1
  Identifier: 8SUUyO2hC4SCeehX2VjsTSMGQj8
  NotBefore : 2025-03-25 18:41:44
  NotAfter  : 2035-03-25 17:41:44

Of course, I updated est config rules to use the right alias.

In est.log
INF Authenticated client DN: CN=gocert [pid=71|ep=default]

Yet, it still gets the error in workflow UI : Trusted Signer not found in
trust list (CN=gocert). (anonymous)
I guess (anonymous) because it's the user associated to _System stack. It's
fine, I'm not worried about that.

At this point, I don't know if it's related to the alias of my external
root, the fact it belongs to anonymous group, or something else I haven't
addressed yet.
I keep reminding it just in case : there is no intermediate CA. The chain
sent with curl is simple : leaf -> root

By any chance, are you able to spot something else :)

ps : I was using the wrong command to add a new alias => ended up with the
ca-signer group automatically.
I shouldn't have overlooked the openxpkiadm man page (for future readers,
don't overlook it !)