Make sure that the “signer on behalf” key in MVE matches the authorized signer key in the CA server
If the following is the ca.onBehalf.cn key in the platform.properties file in MVE,
then the following must be the authorized_signer key in the generic.yaml file in the CA server.
# Full DN
For more information on configuring the OpenXPKI CA server, see the OpenXPKI Certificate Authority Configuration Guide.