Import the root certificate, signer certificate, vault certificate, and SCEP certificate into the database with the appropriate tokens.
Run the following commands:
openxpkiadm certificate import --file /etc/certs/openxpki_ca-one/ca-root-1.crt
openxpkiadm certificate import --file /etc/certs/openxpki_ca-one/ca-signer-1.crt --realm ca-one --token certsign
openxpkiadm certificate import --file /etc/certs/openxpki_ca-one/scep-1.crt --realm ca-one --token scep
openxpkiadm certificate import --file /etc/certs/openxpki_ca-one/vault-1.crt --realm ca-one --token datasafe
Check whether the import is successful using openxpkiadm alias --realm ca-one.
Sample output
=== functional token ===
scep (scep):
Alias : scep-1
Identifier: YsBNZ7JYTbx89F_-Z4jn_RPFFWo
NotBefore : 2015-01-30 20:44:40
NotAfter : 2016-01-30 20:44:40
vault (datasafe):
Alias : vault-1
Identifier: lZILS1l6Km5aIGS6pA7P7azAJic
NotBefore : 2015-01-30 20:44:40
NotAfter : 2016-01-30 20:44:40
ca-signer (certsign):
Alias : ca-signer-1
Identifier: Sw_IY7AdoGUp28F_cFEdhbtI9pE
NotBefore : 2015-01-30 20:44:40
NotAfter : 2018-01-29 20:44:40
=== root ca ===
current root ca:
Alias : root-1
Identifier: fVrqJAlpotPaisOAsnxa9cglXCc
NotBefore : 2015-01-30 20:44:39
NotAfter : 2020-01-30 20:44:39
upcoming root ca:
not set