Skip to Content Information Center

Markvision Enterprise

Markvision Enterprise

Not your product?

Search the Information Center

Enabling the Signer on Behalf (enrollment agent) certificate

For automatic certificate requests, we are using the Signer on Behalf certificate feature of OpenXPKI.

Stop the OpenXPKI service using openxpkictl stop.

In nano /etc/openxpki/config.d/realm/ca-one/scep/generic.yaml, from the authorized_signer: section, add a rule for the subject name of the signer certificate.
```
rule1:
        		# Full DN
            		subject: CN=Markvision_.*
```
Notes:
- In this rule, any certificate CN starting with Markvision_ is the Signer on Behalf certificate.
- The subject name is set in MVE for generating the Signer on Behalf certificate.
- Review the space and indention in the script file.
- If the CN is changed in MVE, then add the updated CN in OpenXPKI.
- You can specify only one certificate as Signer on Behalf, and then specify the full CN.

Save the file.

Start the OpenXPKI service using openxpkictl start.

Was this article helpful?

Related content

Top