Menu
▾
▴
Re: [OpenXPKI-users] Use of a custom CA
|
From: Martin B. <vc...@cy...> - 2026-02-25 15:55:33
|
Hi Erika, > I am currently working with OpenXPKI to implement a custom certificate chain. My goal is to establish a personalized CA hierarchy directly within the system. > According to the documentation, I have proceeded with creating a new realm, generating a private key, and setting up the CA certificate. You can find the batch file containing the configuration steps I followed here below: > Unfortunately, this initial setup was unsuccessful. As a workaround, we attempted to remove the default CA in "democa" and replace it with our own. While this operation and the subsequent token creation were successful, we have encountered a critical issue: the token appears as offline within the OpenXPKI server. > Could you please advise if there is a more straightforward or better-documented procedure for importing a custom CA? Any guidance on why the token might be stuck offline would be greatly appreciated. The setup script you posted is obviously AI generated and therefore very likely defective. Please understand that we cannot assist you prompting your AI or debugging its defective output. If you wish to set up your a PKI customized to your requirements, this is very much doable with the existing documentation and the (currently still useful) trove of knowledge on the mailing list. We are happy to help you with any specific questions with regard to particular problems. Describe your problem in a way that we can understand it and we will do our best to help. Feel free to contact White Rabbit Security if you prefer a professional services with regard to design, configuration, deployment and support of a company PKI. Our OpenXPKI Enterprise Edition offer includes correctly prepared configuration, extensive documentation and fully functional setup according to your particular PKI design. Cheers Martin |
