the system is not really designed to work with externally provided
certificates, it is a PKI that manages the certificate lifecycle....if
you might have a look at the man page of the import_certificate command
you might be able to see the comment that a profile needs to be set to
let the cert look like its orginates from this realm. You might also be
able to find this answer in the MLs archives as it was questioned and
answered more then once.
On 03.04.24 21:22, James B. Byrne via OpenXPKI-users wrote:
After further exploration I have discovered that the certificate chain for the
imported certificates appears complete and correct. For example:
openxpkiadm certificate list --realm hll_ca2016 --all -v -v
Certificates in hll_ca2016:
Identifier: 76QCIA3aO9WOjkW6g2SAGQXoATI
Subject:
DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne
Limited,OU=Networked Data Systems,CN=inet11.hamilton.harte-lyne.ca
Issuer DN:
DC=ca,DC=harte-lyne,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne
Limited,OU=Networked Data Services,CN=CA_HLL_ISSUER_2016
Chain:
76QCIA3aO9WOjkW6g2SAGQXoATI -> Yh03GEV0ZGEqIGMf-fxZ3lErPmk ->
CYQ4rXzn4X14_pPNKi8_Pq-Ywg8(complete)
Where:
Identifier: CYQ4rXzn4X14_pPNKi8_Pq-Ywg8
Alias:
root-1
and
Identifier: Yh03GEV0ZGEqIGMf-fxZ3lErPmk
Alias:
ca-signer-1
and
Identifier: 76QCIA3aO9WOjkW6g2SAGQXoATI
Subject:
DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne
Limited,OU=Networked Data Systems,CN=inet11.hamilton.harte-lyne.ca
However, this certificate does not show up in the webui list of certificates
available :
My Certificates
Find a list of your certificates below.
No data available
How is this accomplished?
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
