Setting up the webserver

  1. Run the following commands:
    • a2enmod ssl rewrite headers
    • a2ensite openxpki
    • a2dissite 000-default default-ssl
    • mkdir -m755 -p /etc/openxpki/tls/chain
    • cp /etc/certs/openxpki_democa/ca-root-1.crt /etc/openxpki/tls/chain/
    • cp /etc/certs/openxpki_democa/ca-signer-1.crt /etc/openxpki/tls/chain/
    • c_rehash /etc/openxpki/tls/chain/
    • mkdir -m755 -p /etc/openxpki/tls/endentity
    • mkdir -m700 -p /etc/openxpki/tls/private
    • cp /etc/certs/openxpki_democa/web-1.crt /etc/openxpki/tls/endentity/openxpki.crt
    • cat /etc/certs/openxpki_democa/ca-signer-1.crt >> /etc/openxpki/tls/endentity/openxpki.crt
    • openssl rsa -in /etc/certs/openxpki_democa/web-1.key -passin file:/etc/certs/openxpki_democa/pd.pass -out /etc/openxpki/tls/private/openxpki.pem
    • chmod 400 /etc/openxpki/tls/private/openxpki.pem
  2. Restart the Apache service using apache2 restart.
  3. Run the following command to check the successful import of the files:

    openxpkiadm alias --realm democa

    Sample output

    === functional token ===
    ca-signer (certsign):
      Alias     : ca-signer-2
      Identifier: XjC6MPbsnyfLZkI9Poi9vm4Z5rk
      NotBefore : 2022-04-06 10:03:01
      NotAfter  : 2032-04-03 10:03:01

    vault (datasafe):
      Alias     : vault-2
      Identifier: G8ekluAsskGVC0N-jZhB2n9kvdM
      NotBefore : 2022-04-06 09:53:57
      NotAfter  : 2025-04-10 09:53:57

    scep (scep):
      not set

    ratoken (cmcra):
      not set

    === root ca ===
    current root ca:
      Alias     : root-2
      Identifier: prTHU5vCfcJuCnQWyb5wUknvXQM
      NotBefore : 2022-04-06 09:40:27
      NotAfter  : 2032-01-04 09:40:27
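
The openssl rsa command in step 1 writes the web server key without a passphrase, so the directory and file modes set there are its only protection. The following script is an added example, not part of OpenXPKI or of the original procedure. It audits the layout that step 1 creates; the function names check_tls_layout and has_mode are made up for this sketch, and it assumes c_rehash created one hash symlink per CA certificate.

```shell
#!/bin/sh
# Added example: audit the TLS file layout produced by step 1.
# Run as root after step 1:  check_tls_layout /etc/openxpki/tls

# True when PATH exists and its permission bits are exactly MODE (octal).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

check_tls_layout() {
    root=${1:-/etc/openxpki/tls}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Modes given to mkdir -m and chmod in step 1.
    has_mode "$root/chain" 755     || fail "chain/ is not mode 755"
    has_mode "$root/endentity" 755 || fail "endentity/ is not mode 755"
    has_mode "$root/private" 700   || fail "private/ is not mode 700"
    # The key was written unencrypted, so anything looser than 400 exposes it.
    has_mode "$root/private/openxpki.pem" 400 \
        || fail "private/openxpki.pem is not mode 400"

    # openxpki.crt must hold two certificates: web-1.crt followed by the
    # appended ca-signer-1.crt. A second run of the cat >> step adds a third.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' \
        "$root/endentity/openxpki.crt" 2>/dev/null) || n=${n:-0}
    [ "${n:-0}" -eq 2 ] \
        || fail "endentity/openxpki.crt holds ${n:-0} certificates, expected 2"

    # c_rehash adds <subject-hash>.<n> symlinks; without them the chain
    # directory cannot be used for hashed certificate lookup.
    links=$(( $(find "$root/chain" -type l -name '[0-9a-f]*.[0-9]' \
        2>/dev/null | wc -l) ))
    [ "$links" -ge 2 ] \
        || fail "chain/ has $links hash symlinks, expected at least 2"

    [ "$rc" -eq 0 ] && echo "OK: $root matches the layout from step 1"
    return "$rc"
}
```

The function returns non-zero and prints one FAIL line per finding, so it can be run after each certificate renewal or from a configuration-management check.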