Project

General

Profile

Task #2017

Story #2016: create production Certificate Authority

create secure root cert/key and signing cert/key for DataONE

Added by Matthew Jones about 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Support Operations
Start date:
2011-11-10
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

We need a new certificate for root that is known secure. This root key should be offline and airgapped, and very long lived. It shoud only be used to create one or a few signing keys, which will be the keys/certs used to manage day-to-day signing operations, and will have shorter (but still fairly long) lifetimes. The Root key will thus be able to revoke any compromised signing keys, and generate new signing keys as the existing ones expire.

History

#1 Updated by Matthew Jones almost 10 years ago

  • Status changed from New to Closed

CAs for Root, Production, and Testing were created and checked into SVN at https://redmine.dataone.org/projects/d1/repository/show/software/tools/trunk/ca

Private keys fro all have been written to offline media and distributed to control points. Contact Dave or Matt for certificate creation.

#2 Updated by Matthew Jones almost 10 years ago

  • % Done changed from 0 to 100

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)