[OpenXPKI-users] R: Use of a custom CA

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thank you for the answer.
The fact is that the documentation is missing a lot and it contains also errors.
The batch file that we created was developed step by step using the documentation.
I want to focus now on a simpler path, so remove the default CA in "democa" and replace it with our own. Is it possible? Everything works, but the fact is that in the OpenXPKI server, the token appears as offline. Do you have any suggestions on why it is happening?

Best regards
________________________________
Da: Martin Bartosch via OpenXPKI-users <ope...@li...>
Inviato: mercoledì 25 febbraio 2026 16:36
A: ope...@li... <ope...@li...>
Cc: Martin Bartosch <vc...@cy...>
Oggetto: Re: [OpenXPKI-users] Use of a custom CA

[Non ricevi spesso messaggi di posta elettronica da ope...@li.... Per informazioni sull'importanza di questo fatto, visita https://aka.ms/LearnAboutSenderIdentification.]

Hi Erika,

> I am currently working with OpenXPKI to implement a custom certificate chain. My goal is to establish a personalized CA hierarchy directly within the system.
> According to the documentation, I have proceeded with creating a new realm, generating a private key, and setting up the CA certificate. You can find the batch file containing the configuration steps I followed here below:

>  Unfortunately, this initial setup was unsuccessful. As a workaround, we attempted to remove the default CA in "democa" and replace it with our own. While this operation and the subsequent token creation were successful, we have encountered a critical issue: the token appears as offline within the OpenXPKI server.
> Could you please advise if there is a more straightforward or better-documented procedure for importing a custom CA? Any guidance on why the token might be stuck offline would be greatly appreciated.

The setup script you posted is obviously AI generated and therefore very likely defective. Please understand that we cannot assist you prompting your AI or debugging its defective output.

If you wish to set up your a PKI customized to your requirements, this is very much doable with the existing documentation and the (currently still useful) trove of knowledge on the mailing list. We are happy to help you with any specific questions with regard to particular problems. Describe your problem in a way that we can understand it and we will do our best to help.

Feel free to contact White Rabbit Security if you prefer a professional services with regard to design, configuration, deployment and support of a company PKI. Our OpenXPKI Enterprise Edition offer includes correctly prepared configuration, extensive documentation and fully functional setup according to your particular PKI design.

Cheers

Martin

_______________________________________________
OpenXPKI-users mailing list
Ope...@li...
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fopenxpki-users&data=05%7C02%7Cerika.debardi%40rse-web.it%7Ce260e777f2694f7d0f4108de7486d3bd%7C2de962948ad84c67b400a0d5ba661c6f%7C0%7C0%7C639076319746854497%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=OqoctkUu9oan%2B9LuUnCtgqAqn0YoKuQoDB0RxumJ420%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/openxpki-users>

RSE SpA ha adottato il Modello Organizzativo ai sensi del D.Lgs.231/2001, in forza del quale l'assunzione di obbligazioni da parte della Società avviene con firma di un procuratore, munito di idonei poteri. RSE adopts a Compliance Programme under the Italian Law (D.Lgs.231/2001). According to this RSE Compliance Programme, any commitment of RSE is taken by the signature of one Representative granted by a proper Power of Attorney.

Le informazioni contenute in questo messaggio di posta elettronica sono riservate e confidenziali e ne e' vietata la diffusione in qualsiasi modo o forma. Qualora Lei non fosse la persona destinataria del presente messaggio, La invitiamo a non diffonderlo e ad eliminarlo, dandone gentilmente comunicazione al mittente. The information included in this e-mail and any attachments are confidential and may also be privileged. If you are not the correct recipient, you are kindly requested to notify the sender immediately, to cancel it and not to disclose the contents to any other person.