By default, in OpenXPKI only one certificate with the same subject name can be active at a time. But when you are enforcing multiple Named Certificates, multiple active certificates with the same subject name must be present at a time.
In /etc/openxpki/config.d/realm/REALM NAME/scep/generic.yaml, from the policy section, change the value of max_active_certs from 1 to 0.
Notes:
- REALM NAME is the name of the realm. For example, ca‑one.
- Review the space and indentation in the script file.
Restart the OpenXPKI service using openxpkictl restart.