Creating a password file for certificate keys

  1. Run the following command:

    nano /etc/certs/openxpki_democa2/pd.pass

  2. Type your password.
  3. Create a signer certificate. For more information, see Creating a signer certificate.
  4. Check whether the import is successful using openxpkiadm alias --realm democa2.
    Note: If you changed the key password of the certificate during certificate creation, update nano /etc/openxpki/config.d/realm/democa2/crypto.yaml.
  5. Generate the CRLs for the second realm. For more information, see Generating CRL information.
    Note: Make sure that you use the correct CA certificate name according to the realm.
  6. Publish the CRLs for this realm. For more information, see Publishing CRL information.
  7. Restart the OpenXPKI service using openxpkictl restart.

    Sample output 

    Stopping OpenXPKI
Stopping gracefully, 3 (sub)processes remaining...
DONE.
Starting OpenXPKI...
OpenXPKI Server is running and accepting requests.
DONE.