Re: [OpenXPKI-users] openxpkicli import_certificate
James, > I have successfully imported an existing certificate into the hll_ca2016 > realm, > finally. > > openxpkiadm certificate list -v -v --realm hll_ca2016 --all > > Certificates in hll_ca2016: > > Identifier: 76QCIA3aO9WOjkW6g2SAGQXoATI >Subject: > DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne > Limited,OU=Networked Data Systems,CN=inet11.hamilton.harte-lyne.ca >Issuer DN: > DC=ca,DC=harte-lyne,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne > Limited,OU=Networked Data Services,CN=CA_HLL_ISSUER_2016 >Chain: > 76QCIA3aO9WOjkW6g2SAGQXoATI -> Yh03GEV0ZGEqIGMf-fxZ3lErPmk -> > CYQ4rXzn4X14_pPNKi8_Pq-Ywg8(complete) > > However, this certificate does not appear in webui, unless it is searched for > by ID. The certificate is expired. Nonetheless, I believe that expired > certificates issued by a CA should continue to be reported. What is the > reason > that this certificate does not show up in 'my certificates' list or returned > when a general search for all certificates is preformed? You asked exactly the same question a few days ago: https://sourceforge.net/p/openxpki/mailman/message/58756353/ And Oliver provided the accurate answer: https://sourceforge.net/p/openxpki/mailman/message/58756390/ Best regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] openxpkicli import_certificate
James, > For the 'openxpkicli import_certificate' command there is a additional > parameter named 'profile' which takes a string argument. Is this string a path > to a file; or just the name of a file; or something else? Well, it's the profile name... In terms of the OpenXPKI configuration tree, this value references a leaf node below the "profile" node of a realm. In case of our published example YAML configuration layout (courtesy of Config::Merge), this also happens to be a file name in the profile directory of the realm. > > openxpkicli --realm hll_ca2016 \ >--filearg data=bare_20160001.pem \ >--param pki_realm='hll_ca2016' \ >--param update=1 \ > import_certificate > > Is the profile parameter significant in placing an imported certificate into a > specific realm? I don't understand the question. If you want to associate the imported certificate with a profile, you can specify it as an option for the import_certificate API function. > Is the default.yaml a valid profile for the purpose of importing a certificate > into a specific realm? No, as the name suggests it contains the common defaults for all other defined profiles. Cheers Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] openxpkicli import_certificate
I have successfully imported an existing certificate into the hll_ca2016 realm, finally. openxpkiadm certificate list -v -v --realm hll_ca2016 --all Certificates in hll_ca2016: Identifier: 76QCIA3aO9WOjkW6g2SAGQXoATI Subject: DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne Limited,OU=Networked Data Systems,CN=inet11.hamilton.harte-lyne.ca Issuer DN: DC=ca,DC=harte-lyne,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne Limited,OU=Networked Data Services,CN=CA_HLL_ISSUER_2016 Chain: 76QCIA3aO9WOjkW6g2SAGQXoATI -> Yh03GEV0ZGEqIGMf-fxZ3lErPmk -> CYQ4rXzn4X14_pPNKi8_Pq-Ywg8(complete) However, this certificate does not appear in webui, unless it is searched for by ID. The certificate is expired. Nonetheless, I believe that expired certificates issued by a CA should continue to be reported. What is the reason that this certificate does not show up in 'my certificates' list or returned when a general search for all certificates is preformed? Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] openxpkicli import_certificate
For the 'openxpkicli import_certificate' command there is a additional parameter named 'profile' which takes a string argument. Is this string a path to a file; or just the name of a file; or something else? openxpkicli --realm hll_ca2016 \ --filearg data=bare_20160001.pem \ --param pki_realm='hll_ca2016' \ --param update=1 \ import_certificate Is the profile parameter significant in placing an imported certificate into a specific realm? Is the default.yaml a valid profile for the purpose of importing a certificate into a specific realm? Thanks, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users