Checklist - Certificate Authority¶
Use this checklist as a Certificate Authority to prepare for a TRC signing ceremony.
Preparation¶
Defined where asymmetric EC private key is stored
Defined roles and principals that have access to the private keys for signature creation.
Grant appropriate access through appropriate policies.
Created root certificate
Defined subject information for root certificate
Self-signed root certificate with the private key
using
scion-pki certificate createStored root certificate for later use in the ceremony
Ceremony¶
Access to environment that can run
scion-pkiestablishedscion-pki-binary installed
Root certificate available
Post Ceremony¶
Configure PKI engine with the Root certificate that was included in the TRC.
Initiate the periodic CA certificate renewal process.