The following instructions show how to generate a signer certificate in the second realm. You can use the same root and vault certificates as those in the first realm.
Create an OpenSSL configuration file in nano /etc/certs/openxpki_democa2/openssl.conf.
Note: Change the certificate common name so that the user can easily distinguish between different certificates for different realms. The certificate files are created in the /etc/certs/openxpki_democa2/ directory.
Go to the directory of the vault certificate in the first realm, and then import the certificate from the first realm.
Run the following code:
- openxpkiadm alias --realm democa2 --token datasafe --file vault.crt