Configuring OpenXPKI CA using the default script
Notes: The default script configures only the default realm, ca-one. The CDP and CRLs are not configured.
- Run the script using bash /usr/share/doc/libopenxpki-perl/examples/sampleconfig.sh.
- Confirm the setup using openxpkiadm alias --realm democa.
Sample output
    === functional token ===
    scep (scep):
      Alias     : scep-1
      Identifier: YsBNZ7JYTbx89F_-Z4jn_RPFFWo
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2016-01-30 20:44:40

    vault (datasafe):
      Alias     : vault-1
      Identifier: lZILS1l6Km5aIGS6pA7P7azAJic
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2016-01-30 20:44:40

    ca-signer (certsign):
      Alias     : ca-signer-1
      Identifier: Sw_IY7AdoGUp28F_cFEdhbtI9pE
      NotBefore : 2015-01-30 20:44:40
      NotAfter  : 2018-01-29 20:44:40

    === root ca ===
    current root ca:
      Alias     : root-1
      Identifier: fVrqJAlpotPaisOAsnxa9cglXCc
      NotBefore : 2015-01-30 20:44:39
      NotAfter  : 2020-01-30 20:44:39

    upcoming root ca:
      not set
- Check whether the installation is successful using openxpkictl start.
Sample output
    Starting OpenXPKI...
    OpenXPKI Server is running and accepting requests.
    DONE.
- Do the following to access the OpenXPKI server:
- From a web browser, type http://ipaddress/openxpki/.
- Add the user names and their corresponding passwords to a userdb.yaml file. To add a user name and password, do the following:
- Go to /home/pkiadm, and then run nano userdb.yaml.
- Paste the following:
    estRA:
        digest: "{ssha256}somePassword"
        role: RA Operator
Notes: In this instance, estRA refers to the user name. To generate the password digest, type openxpkiadm hashpwd. When prompted, enter the password; the command then displays its ssha256 (salted SHA-256) hash. Copy that value and paste it into the digest field of the user.
Notes: The available roles in the Operator login are RA Operator, CA Operator, and user.
- Enter the user name and password.
- Create one certificate request, and then test it.
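
The alias listing in the confirmation step gives a validity window (NotBefore, NotAfter) for every token, and a token outside that window is no longer usable. As an added example (not part of the original page or of OpenXPKI), this Python script parses such a listing and reports each token's status; the function names, the 90-day warning threshold and reading the timestamps as UTC are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Abridged from the sample output on this page (Identifier lines and vault-1 omitted).
SAMPLE = """\
=== functional token ===
scep (scep):
  Alias     : scep-1
  NotBefore : 2015-01-30 20:44:40
  NotAfter  : 2016-01-30 20:44:40
ca-signer (certsign):
  Alias     : ca-signer-1
  NotBefore : 2015-01-30 20:44:40
  NotAfter  : 2018-01-29 20:44:40
=== root ca ===
current root ca:
  Alias     : root-1
  NotBefore : 2015-01-30 20:44:39
  NotAfter  : 2020-01-30 20:44:39
upcoming root ca:
  not set
"""
# Only "Key : value" lines are matched; headers and "not set" are ignored.
FIELD = re.compile(r"^[ \t]*(Alias|NotBefore|NotAfter)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)

def parse_aliases(text):
    """Return one dict per token (Alias, NotBefore, NotAfter) from the listing."""
    tokens = []
    for key, value in FIELD.findall(text):
        if key == "Alias":
            tokens.append({"Alias": value})  # an Alias line starts a new token
        elif tokens:
            tokens[-1][key] = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    return tokens

def audit(tokens, now, warn_days=90):
    """Map each alias to not-yet-valid, expired, expiring or ok at time `now`."""
    def state(t):
        if now < t["NotBefore"]:
            return "not-yet-valid"
        if now > t["NotAfter"]:
            return "expired"
        return "expiring" if t["NotAfter"] - now <= timedelta(days=warn_days) else "ok"
    return {t["Alias"]: state(t) for t in tokens}

if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(tzinfo=None)  # assumption: output is UTC
    for alias, status in audit(parse_aliases(SAMPLE), now).items():
        print(f"{alias:12} {status}")
```

To check a live system, pass the captured output of openxpkiadm alias for the realm to parse_aliases in place of SAMPLE.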