Hi Alaa,

In which chain don't you see the root? The "primary" views will always show the parent signer certificate which is SignerCA1 in your case but in the background the chain is there and it should also be delivered by all download options.

Oliver

On 24.07.24 11:39, Alaa Hilal wrote:
Hello,

I followed the above approach, but the rootCA is not showing in the chain. The top of the chain is showing to be the signingCA from server1.
Am I doing anything wrong?

Regards,
Alaa

On Wed, Jul 24, 2024 at 8:37 AM Alaa Hilal <[email protected]> wrote:

    Hello,

    Thanks for the clarification I can import them one by one. So can
    I follow this process on server 2?
    1- import rootCA
    2- openxpkiadm certificate import --file root.crt
    3- import signingCA from server1 --> here I import it the same way?
    openxpkiadm certificate import --file signingCAserver1.crt
    4- create a key and csr for server2 signing ca and sign it with
    server 1 pki
    5- create token for the signingca of server 2
    ....

    Does this sound right?

    Best regards,

    On Wed, Jul 24, 2024 at 8:27 AM Martin Bartosch via OpenXPKI-users
    <[email protected]> wrote:

        Hi,

        > I am trying to install 2 instances of openxpki. For the
        first instance I followed the quicksetup in the docs and
        everything is working fine:
        > Root CA --> Signing CA (server 1) --> certificate
        >
        > For the second instance I would like to set it up in a way
        that it is under server 1 in the hierarchy. That is I am
        trying the chain to look as follows:
        > Root CA --> Signing CA (server1) --> signing CA (server 2)
        --> certificate
        >
        > Are there any special instructions that I should follow?
        > I am thinking of importing the chain of Root CA --> Signing
        CA (server 1) as the root certificate of installation 2. would
        that work?

        OpenXPKI does not make assumptions on the logical architecture
        of the PKI and allows to build any logical topology.

        The only actively enforced requirement is that when importing
        a CA Signer certificate as a signer token into a PKI Realm
        the system must be able to build the certificate chain up to a
        trusted Root CA Certificate. This effectively means that you
        will have to start importing the Root CA and all necessary
        intermediate CA certificates in top-down order first into
        OpenXPKI.

        Cheers

        Martin





        _______________________________________________
        OpenXPKI-users mailing list
        [email protected]
        https://lists.sourceforge.net/lists/listinfo/openxpki-users



--
Protect your environment -  close windows and adopt a penguin!
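
The top-down import order described in the quoted reply, as an added example that is not part of the original thread and not OpenXPKI code: it sorts CA certificate files handed over in any order so that each one chains to a self-signed root through files listed before it, then prints the `openxpkiadm certificate import --file` call from the thread for each file. The function names, file names and demo hierarchy are constructed, and it assumes the system trust store holds none of the CAs involved.

```shell
# Added example (not OpenXPKI code). Needs openssl; no whitespace in file names.
# import_order prints the files in "$@" so that every certificate chains to a
# self-signed root through files printed before it (top-down import order).
# It returns 1 when some file cannot be linked to a root in the given set.
import_order() {
    bundle=$(mktemp) || return 1; todo=""; progress=1
    for f in "$@"; do
        subj=$(openssl x509 -in "$f" -noout -subject_hash) || return 1
        issr=$(openssl x509 -in "$f" -noout -issuer_hash) || return 1
        # Root: subject equals issuer and the self-signature verifies.
        if [ "$subj" = "$issr" ] && openssl verify -CAfile "$f" "$f" >/dev/null 2>&1
        then cat "$f" >>"$bundle"; echo "$f"
        else todo="$todo $f"
        fi
    done
    while [ -n "$todo" ] && [ "$progress" = 1 ]; do
        progress=0; rest=""
        for f in $todo; do
            # Accept a CA only once its chain builds from what is accepted so far.
            if openssl verify -CAfile "$bundle" "$f" >/dev/null 2>&1
            then cat "$f" >>"$bundle"; echo "$f"; progress=1
            else rest="$rest $f"
            fi
        done
        todo=$rest
    done
    rm -f "$bundle"
    [ -z "$todo" ]
}

# Build a constructed Root -> signerca1 -> signerca2 hierarchy in directory $1.
make_demo_chain() {
    dir=$1; parent=root; echo 'basicConstraints=critical,CA:TRUE' >"$dir/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root CA' \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    for ca in signerca1 signerca2; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$ca.csr" -days 2 -extfile "$dir/ca.ext" \
            -CA "$dir/$parent.crt" -CAkey "$dir/$parent.key" -CAcreateserial \
            -out "$dir/$ca.crt" 2>/dev/null || return 1
        parent=$ca
    done
}
# With file arguments, print the thread's import command in a safe order.
if [ "$#" -gt 0 ]; then
    order=$(import_order "$@") || { echo 'chain incomplete' >&2; exit 1; }
    for f in $order; do echo "openxpkiadm certificate import --file $f"; done
fi
```

The script only prints the import commands; a non-zero exit means a root or intermediate is missing from the set, which is the situation in which importing a signer token would fail to build its chain.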