Hi Martin & Oliver, thanks for your quick support! I can take a step further and test OpenXPKI.
Merry Christmas to all! Best regards, Stefan ________________________________________ Von: Martin Bartosch via OpenXPKI-users <[email protected]> Gesendet: Donnerstag, 23. Dezember 2021 10:59 An: [email protected] Cc: Martin Bartosch Betreff: Re: [OpenXPKI-users] Problems with setup (democa) Hi, >>> I can find the certificates in the sql dump (BEGIN CERTIFICATE) but I >>> can't find any string with 'BEGIN ENCRYPTED PRIVATE KEY'. Where is the >>> private key located? > >> The keys are wrapped into a PKCS7 containe - look for something where >> the namespace column has a value of sys.crypto.keys > > what's the preferred way, store in database or put a keyfile with permission > 0400/user openxpki on hdd ? It's your decision. Back in the day when I designed this initially I deliberately chose not to have any key material in the database. (That was at a time when the datapool did not exist yet, though.) Over the time we found that many users seem to prefer their software keys in the database, as this makes cluster setups easier to manage, so we implemented this. Both has its advantages and disadvantages, and we leave the decision for/against storing keys in the datapool to the skilled PKI architects who use our PKI software. Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
