Skip to Content Information Center
Markvision Enterprise

Markvision Enterprise

Installing OpenXPKI CA

  1. Connect the machine using PuTTY or another client.

  2. From the client, run the sudo su - command to go to the root user.

  3. Enter the root password.

  4. In nano /etc/apt/sources.list, change the source for installing the updates.

  5. Update the file. For example:

    # deb cdrom:[Debian GNU/Linux 8.11.1 _Jessie_ - Official amd64 CD Binary-1 20190211-02:10]/ jessie local main
    # deb cdrom:[Debian GNU/Linux 8.11.1 _Jessie_ - Official amd64 CD Binary-1 20190211-02:10]/ jessie local main
    deb jessie/updates main
    deb-src jessie/updates main
    # jessie-updates, previously known as 'volatile'
    # A network mirror was not selected during install.  The following entries
    # are provided as examples, but you should amend them as appropriate
    # for your mirror of choice.
    deb main
    deb-src main
    deb main
  6. Save the file.

  7. Run the following commands:

    • apt-get update
    • apt-get upgrade
  8. Update the CA certificate lists in the server using apt-get install ca-certificates.

  9. Install en_US.utf8 locale using dpkg-reconfigure locales.

  10. Select the en_US.UTF-8 UTF-8 locale, and then make it the default locale for the system.

    Note:  Use the Tab and spacebar keys for selecting and navigating the menu.

  11. Check the locales that you have generated using locale –a.

    Sample output

  12. Copy the fingerprint of the OpenXPKI package using nano /home/Release.key. For this instance, copy the key in /home.

  13. Type 9B156AD0 F0E6A6C7 86FABE7A D8363C4E 1611A2BE 2B251336 01D1CDB4 6C24BEF3 as the value.

  14. Run the following command:

    • gpg --print-md sha256 /home/Release.key
  15. Add the package using the wget -O - | apt-key add - command.

  16. Add the repository to your source list (jessie) using echo "deb release" > /etc/apt/sources.list.d/openxpki.list, and then aptitude update.

  17. Install MySQL and Perl MySQL binding using aptitude install mysql-server libdbd-mysql-perl.

  18. Install apache2.2-common using aptitude install apache2.2-common.

  19. In nano /etc/apt/sources.list, install the fastcgi module to speed up the user interface.

    Note:  We recommend using mod_fcgid.

  20. Add the deb main line in the file, and then save it.

  21. Run the following commands:

    • apt-get update
    • aptitude install libapache2-mod-fcgid
  22. Enable the fastcgi module using a2enmod fcgid.

  23. Install the OpenXPKI core package using aptitude install libopenxpki-perl openxpki-cgi-session-driver openxpki-i18n.

  24. Restart the Apache® server using service apache2 restart.

  25. Check whether the installation is successful using openxpkiadm version.

    Note:  If the installation is successful, then the system shows the version of the installed OpenXPKI. For example, Version (core): 2.5.5.

  26. Create the empty database, and then assign the database user using mysql -u root –p.


    • This command must be typed in the client. Otherwise, you cannot enter the password.
    • Type the password for the MySQL. For this instance, root is the MySQL user.
    • openxpki is the user on which OpenXPKI is installed.
    CREATE DATABASE openxpki CHARSET utf8; 
    CREATE USER 'openxpki'@'localhost' IDENTIFIED BY 'openxpki';
    GRANT ALL ON openxpki.* TO 'openxpki'@'localhost';
    flush privileges;

    If the MySQL service is not running, then run /etc/init.d/mysql start to start the service.

  27. Type quit to exit from MySQL.

  28. Store the used credentials in /etc/openxpki/config.d/system/database.yaml.

    Sample file content

    debug: 0
    type: MySQL
    name: openxpki
    host: localhost
    port: 3306
    user: openxpki 
    passwd: openxpki

    Note:  Change user and passwd to match the MySQL user name and password.

  29. Save the file.

  30. For empty database schema, run zcat /usr/share/doc/libopenxpki-perl/examples/schema-mysql.sql.gz | \mysql -u root --password --database openxpki from the provided schema file.

  31. Enter the password for the database.

Was this article helpful?