Hello,
I have been trying to set up my own realm and certificates with
openxpki, however I keep running in the issue that my Signing CA wont
come online.
It does load it just fine, and the realm alias info lists it all. But it
stays offline.
The vault however does work.
What I do: https://gist.github.com/Sult/8e67307bfdfbc66ed07d1d1891bbf94c
I did find in the documentation that the filename is important (With
default config)
https://openxpki.readthedocs.io/en/stable/operation/tokenconfig.html#initial-setup
The <realm>/ca says you would need to have keys in local/keys/<realm>
however the sample config doesnt follow this convention. I have also
tried by putting the keys there, but with the same result. Signing CA
wont come online
With kind regards,
Hans de Jong
PS: I dont know if this is useful but when i have everything loaded, I
get this output when showing the realm alias info.
root@6cc6f2267e07:/etc/openxpki/tmp# openxpkiadm alias --realm
provisioningca
=== functional token ===
scep (scep):
Alias : scep-1
Identifier: datk1dTh9DV2mUbP-YbctJn0Acw
NotBefore : 2021-11-23 10:41:01
NotAfter : 2022-11-23 10:41:01
vault (datasafe):
Alias : vault-1
Identifier: f56oyzMYYgI1tFl4YVCEQTQVDVI
NotBefore : 2021-11-24 13:25:59
NotAfter : 2024-11-28 13:25:59
ca-signer (certsign):
Alias : ca-signer-1
Identifier: a2YR8-rwPDRFHJZrMvkWM_YL-cA
NotBefore : 2021-11-23 10:40:54
NotAfter : 2022-11-23 10:40:54
ratoken (cmcra):
not set
=== root ca ===
current root ca:
Alias : root-1
Identifier: 0wwvnOUX2DNSYdjT0MNhPpfkyJg
NotBefore : 2021-11-23 10:40:49
NotAfter : 2031-11-21 10:40:49
upcoming root ca:
not set
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
