You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the create_keystore command creates a self-signed root Certificate Authority (CA) and uses it for both Permissions CA and Identity CA through symlink.
This approach creates a limitation in how certificates can be managed. Since basically all three CAs (root, Permissions and Identity) are effectively the same, tasks like updating the permissions.xml policy for a single enclave require access to the root CA's private key, which is not ideal. Similarly, adding a cert.pem for a new enclave also requires the root CA's private key. This setup prevents the delegation of responsibilities between the Permissions and Identity CAs.
I've created a PR with these changes. I targeted the Humble branch as it is the one I'm currently using.
Please feel free to dismiss this issue if this functionality is not desired.
The text was updated successfully, but these errors were encountered:
Feature description
Currently the
create_keystorecommand creates a self-signed root Certificate Authority (CA) and uses it for both Permissions CA and Identity CA through symlink.This approach creates a limitation in how certificates can be managed. Since basically all three CAs (root, Permissions and Identity) are effectively the same, tasks like updating the
permissions.xmlpolicy for a single enclave require access to the root CA's private key, which is not ideal. Similarly, adding acert.pemfor a new enclave also requires the root CA's private key. This setup prevents the delegation of responsibilities between the Permissions and Identity CAs.I've created a PR with these changes. I targeted the Humble branch as it is the one I'm currently using.
Please feel free to dismiss this issue if this functionality is not desired.
The text was updated successfully, but these errors were encountered: