Hello John,
the concept of OpenXPKI is "one realm is one authority", having multiple
signer certificates in one realm is meant to provide a seamless
operation in case of a CA rollover. With the default workflows, the
system will always take the issuing CA with the "newest" CA certificate
(the most recent notbefore date).
If you want to have different Issuing CAs in parallel, the intended
solution is to setup another realm for the second CA.
best regards
Oliver
On 15.07.25 05:17, Xu, John (CW) via OpenXPKI-users wrote:
Dear team
I’m running the latest version of OpenxPKI in docker. I’ve imported
two CAs and corresponding issuing CA in the default democa. One was
generated using sampleconfig.sh, the other was generated using
openssl. The two issuing CA show online as the screenshot in web
interface.
Now is the problem, how can I use SCEP to enroll certificates from
different CAs using different CAIdentifier?
Thank you.
Best Regards
John
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
