Configuring OpenXPKI CA using default script

Note: The default script configures only the default realm, ca-one. The CDP and CRLs are not configured.
  1. Unzip the sample script for installing the certificate using gunzip -k /usr/share/doc/libopenxpki-perl/examples/sampleconfig.sh.gz.
  2. Run the script using bash /usr/share/doc/libopenxpki-perl/examples/sampleconfig.sh.
  3. Confirm the setup using openxpkiadm alias --realm ca-one.

    Sample output 

    === functional token ===
scep (scep):
Alias    : scep-1
Identifier: YsBNZ7JYTbx89F_-Z4jn_RPFFWo
NotBefore : 2015-01-30 20:44:40
NotAfter  : 2016-01-30 20:44:40

vault (datasafe):
Alias    : vault-1
Identifier: lZILS1l6Km5aIGS6pA7P7azAJic
NotBefore : 2015-01-30 20:44:40
NotAfter  : 2016-01-30 20:44:40

ca-signer (certsign):
Alias    : ca-signer-1
Identifier: Sw_IY7AdoGUp28F_cFEdhbtI9pE
NotBefore : 2015-01-30 20:44:40
NotAfter  : 2018-01-29 20:44:40

=== root ca ===
current root ca:
Alias     : root-1
Identifier: fVrqJAlpotPaisOAsnxa9cglXCc
NotBefore : 2015-01-30 20:44:39
NotAfter  : 2020-01-30 20:44:39

upcoming root ca:
  not set
  4. Check whether the installation is successful using openxpkictl start.

    Sample output 

    Starting OpenXPKI...
OpenXPKI Server is running and accepting requests.
DONE.
  5. Do the following to access the OpenXPKI server:
    1. From a web browser, type http://ipaddress/openxpki/.
    2. Log in as Operator. The default password is openxpki.
      Note: The Operator login has two preconfigured operator accounts, raop and raop2.
  6. Create one certificate request, and then test it.