You can configure the EST endpoint with a tuple composed of the authority portion of the URI and the optional label (for example, www.example.com:80 and arbitraryLabel1). In the following instructions, we use two PKI realms, democa and democa2.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
Copy the default configuration file in cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa.conf.
Note: Name the file as democa.conf.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
In nano /etc/openxpki/est/democa.conf, change the realm value to realm=democa.
Note: According to your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented. Do the same for default.conf.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
Create another configuration file in cp /etc/openxpki/est/default.conf /etc/openxpki/est/democa2.conf.
Note: Name the file as democa2.conf.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
In nano /etc/openxpki/est/democa2.conf, change the realm value to realm=democa2.
Note: According to your needs, you may need to uncomment the corresponding lines for the simpleenroll, simplereenroll, csrattrs, and cacerts sections. Keep the environment sections commented.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
Copy the default.yaml file in the following locations:
- cp /etc/openxpki/config.d/realm/democa/est/default.yaml
- /etc/openxpki/config.d/realm/democa/est/democa.yaml
Note: Name the file as democa.yaml.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
Copy the default.yaml file in the following locations:
- cp /etc/openxpki/config.d/realm/democa2/est/default.yaml
- /etc/openxpki/config.d/realm/democa2/est/democa2.yaml
Note: Name the file as democa2.yaml.
![](https://publications.lexmark.com/media/ids_assets/images/transparent.png)
Restart the OpenXPKI service using openxpkictl restart.
If you want to differentiate between login credentials and default certificate templates for different PKI realms, then you may need advanced configuration.