Creating a vault certificate

Notes:
  • The vault certificate is self‑signed.
  • Replace the key length, signature algorithm, and certificate name with the appropriate values.
  1. Run the following command:

    openssl req -new -x509 -keyout vault.key -out vault.crt -days 1100 -config /etc/certs/openxpki_democa/openssl.conf

  2. Change the subject in the request with your CA information using openxpkiadm certificate import --file vault.crt.
  3. Run the following command:

    openxpkiadm alias --realm democa --token datasafe --file vault.crt --key vault.key

    Note: Provide the necessary values, but keep /CN=DataVault as the subject.