Dear Martin,
I
applied your suggested configuration and was able to create a Sub CA
certificate...i also added a "Sub CA" role in the Sub CA profile. The
Sub CA's certificate was successfully generated. I used "Accounts
Department" as my Sub CA name....Then i imported this certificate into
a seperate OpenXPKI installation.
Here is the Certificate import output...
openxpkiadm certificate import --config ../../config.xml --file root-cacert.pem
Successfully imported certificate into database:
Subject: CN=ID Tech,OU=ID Tech,O=ID Tech,C=AU
Issuer: CN=ID Tech,OU=ID Tech,O=ID Tech,C=AU
Identifier: Qu6Rz9Mq3cO3rNXftH2IShbwkbE
openxpkiadm
certificate alias --config ../../config.xml --realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --identifier
Qu6Rz9Mq3cO3rNXftH2IShbwkbE --alias testdummyca1rootca
Successfully created alias in realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA:
Alias : testdummyca1rootca
Identifier: Qu6Rz9Mq3cO3rNXftH2IShbwkbE
openxpkiadm
certificate import --config ../../config.xml --realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --file cacert.pem --issuer
testdummyca1rootca
Successfully imported certificate into database:
Subject: CN=Accounts Department,OU=Accounts Department,O=ID
Tech,DC=Accounts Department,C=AU
Issuer: CN=ID Tech,OU=ID Tech,O=ID Tech,C=AU
Identifier: v5feP5Sl6tP95f7s3U0movaBanI
openxpkiadm
certificate alias --config ../../config.xml --realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --identifier
v5feP5Sl6tP95f7s3U0movaBanI --alias testdummyca1
Successfully created alias in realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA:
Alias : testdummyca1
Identifier: v5feP5Sl6tP95f7s3U0movaBanI
All
happened successfully and i saw the Certificate chain in this new Sub
CA.....Then i requested a user certificate which was also generated
successfully. Now my next task was to create a Sub CA certificate from
my "Accounts Department" Sub CA....so similarly i replicated those
profile Sub CA tags in Sub CA installation. But this time Error occured
"(internal) Determine Issuing CA".
I am attaching my Root CA Certificate,
Sub CA Certificate, User Certificate generated from Sub CA, Error
Snapashot, DB Entries and Certificate Chain Snapshot.
I want Sub CA's with unlimited number of Levels. The Sub CA Certificate that
was generated states that
"Maximum Number of Intermediate CA's : Unlimited"
....but i am not able to create further Sub CA certificate from this Sub CA.
Best Regards
Scott Thomas
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
