Project

General

Profile

Task #2017

Story #2016: create production Certificate Authority

create secure root cert/key and signing cert/key for DataONE

Added by Matthew Jones over 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Matthew Jones
Category:
Support Operations
Target version:
Sprint-2012.13-Block.2.3
Start date:
2011-11-10
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

We need a new certificate for root that is known secure. This root key should be offline and airgapped, and very long lived. It shoud only be used to create one or a few signing keys, which will be the keys/certs used to manage day-to-day signing operations, and will have shorter (but still fairly long) lifetimes. The Root key will thus be able to revoke any compromised signing keys, and generate new signing keys as the existing ones expire.

History

#1 Updated by Matthew Jones about 12 years ago

  • Status changed from New to Closed

CAs for Root, Production, and Testing were created and checked into SVN at https://redmine.dataone.org/projects/d1/repository/show/software/tools/trunk/ca

Private keys fro all have been written to offline media and distributed to control points. Contact Dave or Matt for certificate creation.

#2 Updated by Matthew Jones about 12 years ago

  • % Done changed from 0 to 100

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)