Certificate issuance failed using the OpenXPKI CA server

Make sure that the “signer on behalf” key in MVE matches the authorized signer key in the CA server

For example:

If the following is the ca.onBehalf.cn key in the platform.properties file in MVE,

ca.onBehalf.cn=Markvision_SQA-2012-23AB.lrdc.lexmark.ds

then the following must be the authorized_signer key in the generic.yaml file in the CA server.

rule1:
			# Full DN
					Subject: CN=Markvision_SQA-2012-23AB.lrdc.lexmark.ds

For more information on configuring the OpenXPKI CA server, see the OpenXPKI Certificate Authority Configuration Guide.