Hello Oliver Thanks for quick response. With multiple realms (each realm has one CA) in a OpenXPKI instance, does it work to use the same URL but different CAIdentifier?
Like in this screenshot, SCEP server URL is always the same, but OpenXPKI issues certificate according to CAIdentifer provided. If CAIdentifier is scep1, CA in realm “scep1” issues certificates. If CAIdentifier is scep2, CA in realm “scep2” issues certificates [cid:image003.png@01DBF594.4DC98920] Best Regards John From: Oliver Welter <m...@oliwel.de> Sent: Tuesday, July 15, 2025 1:31 PM To: openxpki-users@lists.sourceforge.net Subject: Re: [OpenXPKI-users] How to enroll SCEP using different CAIdentifer in one realm CAUTION: External Email Hello John, the concept of OpenXPKI is "one realm is one authority", having multiple signer certificates in one realm is meant to provide a seamless operation in case of a CA rollover. With the default workflows, the system will always take the issuing CA with the "newest" CA certificate (the most recent notbefore date). If you want to have different Issuing CAs in parallel, the intended solution is to setup another realm for the second CA. best regards Oliver On 15.07.25 05:17, Xu, John (CW) via OpenXPKI-users wrote: Dear team I’m running the latest version of OpenxPKI in docker. I’ve imported two CAs and corresponding issuing CA in the default democa. One was generated using sampleconfig.sh, the other was generated using openssl. The two issuing CA show online as the screenshot in web interface. Now is the problem, how can I use SCEP to enroll certificates from different CAs using different CAIdentifier? Thank you. [cid:image001.png@01DBF593.18246E80] Best Regards John _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net<mailto:OpenXPKI-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/openxpki-users<https://lists.sourceforge.net/lists/listinfo/openxpki-users> -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
