Make sure that the “signer on behalf” key in MVE matches the authorized signer key in the CA server
For example:
If the following is the ca.onBehalf.cn key in the platform.properties file in MVE,
ca.onBehalf.cn=Markvision_SQA-2012-23AB.lrdc.lexmark.ds
then the following must be the authorized_signer key in the generic.yaml file in the CA server.
rule1:
# Full DN
Subject: CN=Markvision_SQA-2012-23AB.lrdc.lexmark.ds
For more information on configuring the OpenXPKI CA server, see the OpenXPKI Certificate Authority Configuration Guide.