On 16.11.20 at 19:33, CpServiceSPb wrote:
> Hi.
>
> There are some different soft required different CAs way.
> And how I imagine it:
> 1. System administrator issues Root CA via Web UI, including filling
> of necessary fields;

The system is not able to create a self-signed root; you must create this yourself and import it as a CA signer.

> 2. Using issued Root CA, system administrator issues all 3 (or more)
> intermediate CAs via Web UI, of course with filling of necessary fields;

This would require setting up the Root CA as a realm with the token generated in 1; afterwards you need to register those certs as CA signers in the realms, as OpenXPKI does not "link" the realms and tokens itself.

> 3. Some soft, for example, VPN server request server certificate from,
> for example intermediate CA1 in auto mode - request for issuing of new
> one or request of renewal existing and sysadmin may see the request at
> Web UI and to approve it or to decline it or to set up checkbox looks
> like "auto issue" for such kind of certificates;
Check the documentation of the enrollment workflow https://openxpki.readthedocs.io/en/latest/reference/configuration/workflows/enroll.html and the ML archives; a lot of this has been discussed here already. Please note that OpenXPKI is not made to be configured from the WebUI but requires the settings to be done in the YAML configuration. There are options to wire such settings to database entries or similar and write a configuration workflow for them, but this is not included in the standard.

> 4. Some user sends client certificate for issuing by intermediate CA1.
> And it is issued at auto mode, if appropriate checkbox exists or under
> sysadmin control.
> All of this happens in on-line mode.

Same answer as above....

> If it's possible, it is so good.
>
> And are there deb packages for Ubuntu 18.04 ?
>

Yes but only with a commercial subscription / enterprise license.

best regards

Oliver

-- 
Protect your environment - close windows and adopt a penguin!
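The reply above says the self-signed root has to be created outside OpenXPKI and then imported as a CA signer. The following is an added example, not part of the original mail and not OpenXPKI project code, showing one way to build a root and a first issuing CA with the openssl CLI (1.1.1 or later). All subject names, file names, key sizes and lifetimes are constructed assumptions, and the import into the realms is not shown; follow the OpenXPKI documentation for that step.

```bash
#!/usr/bin/env bash
# Added example: root CA and one issuing CA built with the openssl CLI.
# Subject names, file names, key sizes and lifetimes are constructed values.
# Usage after sourcing: build_ca_chain ./pki && verify_ca_chain ./pki

build_ca_chain() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # private keys readable by the owner only
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_issuing_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
        # 1. Self-signed root. -nodes keeps the demo non-interactive; protect a
        #    real root key with a passphrase or an HSM and keep it offline.
        openssl req -x509 -config ca.cnf -extensions v3_root_ca \
            -newkey rsa:3072 -nodes -sha256 -days 3650 \
            -subj "/CN=Example Root CA" \
            -keyout root.key -out root.crt 2>/dev/null || exit 1
        # 2. Key pair and CSR for the first issuing CA.
        openssl req -new -config ca.cnf -newkey rsa:3072 -nodes -sha256 \
            -subj "/CN=Example Issuing CA 1" \
            -keyout issuing1.key -out issuing1.csr 2>/dev/null || exit 1
        # 3. Root signs the CSR; pathlen:0 stops this CA from creating sub-CAs.
        openssl x509 -req -in issuing1.csr -CA root.crt -CAkey root.key \
            -CAcreateserial -sha256 -days 1825 \
            -extfile ca.cnf -extensions v3_issuing_ca \
            -out issuing1.crt 2>/dev/null || exit 1
    )
}

# Succeeds only if issuing1.crt chains to root.crt.
verify_ca_chain() {
    openssl verify -CAfile "$1/root.crt" "$1/issuing1.crt" >/dev/null 2>&1
}
```

Repeat steps 2 and 3 with new file names for each further issuing CA before registering the certificates in their realms.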
