Bonjour Everyone,
I have done some working on this customization and would like to share with the
community.
openxpkictl stop
#Create a copy of all the following 2 folders as follows:cp -rfR /etc/openxpki/
/etc/openxpki.beforeDemoCAcp -rfR /usr/share/perl5/OpenXPKI
/usr/share/perl5/OpenXPKI.beforeDemoCA
Take a copy of both above folders and Replace all contents from "democa" to
"customCA" and replace on the folders
Login to Database and replace all tables entries from "democa" to "customCA"
Edit the softlink at /etc/openxpki/config.d/realm from "democa" to "customCA"
Rename the folder at /etc/openxpki/local/keys from "democa" to "customCA"
openxpkictl start
It will start successfully.
openxpkictl start
Also verify from the command "openxpkiadm alias --realm customCA" and WebUI
Cheers & Enjoy Weekend
RegardsScotty :)
On Tuesday, 25 May 2021, 05:21:06 pm GMT+5, Martin Bartosch
<[email protected]> wrote:
Hi Scott,
> I did an exercise on this, replaced the "democa" in all files in
> /etc/openxpki with a customCAName but when I import my issuing CA key and
> cert, it gave an error about "Unknown/Undefined Realm".
> Please tell me in detail how can i replace the word democa.
As mentioned in my previous post:
>> However, the "section key" in the realms configuration (democa in your case)
>> is the internal realm name used for grouping PKI Realm data in the database.
>> It cannot easily be changed once it has been used. (It is technically
>> possible to change this name by performing some database modification but we
>> do not recommend to do this unless you exactly know what you are doing.)
>>
>> When setting up the PKI the realm "key" of each realm should be set to a
>> sensible sensible value, e. g. "serverca" or "userca". Do not change the
>> name once it has been used.
In other words: do not change the internal realm name for an existing PKI Realm.
You have the following options:
a. create a new PKI Realm (possibly based on the configuration of the existing
PKI Realm), possibly importing existing CA signer tokens/certificates and
possibly existing EE certificates
b. living with the existing short name
c. hiding the existing short name by hacking the frontend CSS
d. modifying the entire CA database to use a different short name
I would recommend approach a or b.
Cheers
Martin
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
