Hi Roni,if you can get the RA/CA cert then the SCEP subsystem is working. I assume you mean GetCertInitial - this will only fetch an EXISTING certificate, to enroll for a new certificate you need to create a CSR on your local machine and send it to the PKI. An example using the sscep tool is provided on the quickstart page
http://openxpki.readthedocs.io/en/latest/quickstart.html#enabling-the-scep-service
To configure the certificate for getnextca, you must add a root-certificate with a future notbefore date. First, import your new root
openxpkiadm certificate import --file rootca2.pemThen set a new alias in the root group with an adminstratively overriden notbefore date (you can omit this if the certificate has a notbefore date in the future itself)
openxpki alias --realm ca-one --identifier XXXX --token root --notbefore "2020-01-01 00:00:00"
You can check the result with openxpki alias --realm ca-one This should look like: === root ca === current root ca: Alias : root-1 Identifier: 9p_FxU-wdTaciZD5lcOIiP-CLxk NotBefore : 2015-10-02 09:26:28 NotAfter : 2020-10-01 09:26:28 upcoming root ca: Alias : root-2 Identifier: Als6THNt9jedxlF5AD0P5a4bhjY NotBefore : 2020-10-01 09:26:25 (2006-11-03 07:00:58) NotAfter : 2020-10-01 09:26:28 (2036-11-03 07:00:58) Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
