You can configure the EST endpoint with a tuple composed of the authority portion of the URI and the optional label (for example, www.example.com:80 and arbitraryLabel1). In the following instructions, we use two PKI realms, democa and democa2.
- Copy the default configuration file using cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa.conf.
  Note: Name the file democa.conf.
- Open the file with nano /etc/openxpki/est/democa.conf and change the realm value to realm=democa.
  Note: Depending on your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented. Do the same for default.conf.
- Create another configuration file using cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa2.conf.
  Note: Name the file democa2.conf.
- Open the file with nano /etc/openxpki/est/democa2.conf and change the realm value to realm=democa2.
  Note: Depending on your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented.
- Copy the default.yaml file in the following locations:
  Note: Name the file democa.yaml.
- Copy the default.yaml file in the following locations:
  Note: Name the file democa2.yaml.
- Restart the OpenXPKI service using openxpkictl restart.
Select the following URLs to open the EST server corresponding to a realm via a web browser:
If you want to differentiate between login credentials and default certificate templates for different PKI realms, then you may need advanced configuration.
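
The per-realm copy-and-edit steps above can be checked mechanically, so that a copy of default.conf whose realm value was never changed is caught before the service is restarted. The following shell functions are an added example, not part of the original instructions or of OpenXPKI; the function names are hypothetical, and the code assumes an INI-style realm=<name> line with # or ; comments and the <realm>.conf naming used in the steps.

```shell
#!/bin/sh
# Added example (not OpenXPKI code). Assumes INI-style "realm=<name>" lines,
# "#" or ";" comments, and the <realm>.conf naming used in the steps above.

# Print the active (uncommented) realm value of one EST config file.
est_active_realm() {
    sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$1" | head -n 1
}

# Create <dir>/<realm>.conf from <dir>/default.conf with the realm value set.
est_make_realm_conf() {
    dir=$1; realm=$2
    # Restrict realm names so the value cannot alter the sed expression or the path.
    case $realm in ''|*[!A-Za-z0-9_-]*) echo "invalid realm name" >&2; return 1;; esac
    if [ ! -f "$dir/default.conf" ] || [ -e "$dir/$realm.conf" ]; then
        echo "default.conf missing or $realm.conf already exists" >&2; return 1
    fi
    sed "s/^[[:space:]]*realm[[:space:]]*=.*/realm=$realm/" "$dir/default.conf" > "$dir/$realm.conf"
}

# Fail if any <name>.conf (other than default.conf) does not declare realm=<name>.
est_check_realms() {
    dir=$1; rc=0
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .conf)
        if [ "$name" = default ]; then continue; fi
        actual=$(est_active_realm "$f")
        if [ "$actual" != "$name" ]; then
            echo "MISMATCH: $f declares realm '$actual', expected '$name'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed default.conf in a scratch directory (not /etc/openxpki).
est_demo() {
    tmp=$(mktemp -d)
    printf '[global]\nrealm = placeholder\n' > "$tmp/default.conf"   # constructed sample
    est_make_realm_conf "$tmp" democa && est_make_realm_conf "$tmp" democa2 &&
        est_check_realms "$tmp"
    status=$?
    rm -rf "$tmp"
    return "$status"
}
```

Running est_check_realms /etc/openxpki/est after the edits only reads the files; it prints one MISMATCH line per file whose active realm differs from its file name and returns non-zero.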