Creating a signer certificate

The following instructions show how to generate a signer certificate in the second realm. You can use the same root and vault certificates as those in the first realm.

  1. Create an OpenSSL configuration file in nano /etc/certs/openxpki_democa2/openssl.conf.
    Note: Change the certificate common name so that the user can easily distinguish between different certificates for different realms. The certificate files are created in the /etc/certs/openxpki_democa2/ directory.
  2. Go to the directory of the vault certificate in the first realm, and then import the certificate from the first realm.
  3. Run the following code:

    openxpkiadm alias --realm democa2 --token datasafe --file vault.crt