Hi,

I have an issue with EST.
In openxpki I configured an Issuing CA which works fine if the certificate
that is used for EST client authentication was also issued by this Issuing
CA.

However, if the certificate used for TLS client authentication was issued
by another CA ("Manufacturer CA"), I get the error "signer_not_authorised".
I've imported the Manufacturer Root and Issuing CA into the database in
realm "democa" (however, the command *openxpkiam certificates list --realm
democa* does not show them, but in the database table "certificate" the
first column is set to "democa". I'm confused about that!?).

Furthermore in est/default.yaml I changed the authorized signer rule to
"subject: .*"

I also wanted to try the approach of creating an alias for the Manufacturer
root CA and adding it as "root_alias" in the default.yaml.

But creating a non-functional alias with the command *openxpki alias
--realm demo --identifier ... --alias ...*
does not work for me, the alias is not created. The only aliases that
appear in the table aliases are the functional aliases (root, ca-signer,
data-vault).
What am I doing wrong?

What is the general approach for EST with client certificates from another
CA?

Thanks a lot,
Caro