You can configure the EST endpoint with a tuple composed of the authority portion of the URI and the optional label (for example, www.example.com:80 and arbitraryLabel1). In the following instructions, we use two PKI realms, democa and democa2.
Copy the default configuration file in cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa.conf.
Note: Name the file as democa.conf.
In nano /etc/openxpki/est/democa.conf, change the realm value to realm=democa.
Note: According to your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented. Do the same for default.conf.
Create another configuration file in cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa2.conf.
Note: Name the file as democa2.conf.
In nano /etc/openxpki/est/democa2.conf, change the realm value to realm=democa2.
Note: According to your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented.
Copy the default.yaml file in the following locations:
- cp /etc/openxpki/config.d/realm/democa/est/default.yaml
- /etc/openxpki/config.d/realm/democa/est/democa.yaml
Note: Name the file as democa.yaml.
Copy the default.yaml file in the following locations:
- cp /etc/openxpki/config.d/realm/democa2/est/default.yaml
- /etc/openxpki/config.d/realm/democa2/est/democa2.yaml
Note: Name the file as democa2.yaml.
Restart the OpenXPKI service using openxpkictl restart.
If you want to differentiate between login credentials and default certificate templates for different PKI realms, then you may need advanced configuration.