-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to I find the right certification path and which specific certificates I need? #388
Comments
Additionally, someone can verify if a certificate meets a profile by using the CPCT. |
the actual CA certs can be found in the crawler cert bundle of all certs that validate to common from the following file: |
@rsherwood-gsa is this related to the graph you maintain? |
It was opened over a year and half ago, so I'm not sure if it's related to what we've done. This is a more generic question from Ken about constructing a set of certificates for use in a relying party environment. The desired outcome of this appears to be a playbook. |
We get a lot of questions of "what is the latest CA for this PIV" or "I want to trust all certs from x vendor". I share the two or three pages I mentioned and it seems like we can make this more efficient somehow. |
Let's list out some use cases. Let me know if I'm on the right track:
Any other use cases? |
I dont know if we can get down to the independent trust path level, but the planned installroot coordination with DoD would at least give us the ability to provide for several categories of trust and the ability to export those bundles. |
Description of Issue:
A user needs to build a certificate bundle for trust store management. How do they identify what paths they need?
There are multiple pages in FPKI guide that show a separate process to figure out a path, but nothing on how to build a bundle.
Once they know what certificates they need, they need to figure out how to make a bundle. This is only for PIV. With agencies issuing PIV-I, there is no guidance on how to identify or build a path for PIV-I.
One practical example is if an agency is presented as a PIV or PIV-I their existing configuration builds a path. How can an agency verify that path is correct?
Suggestions
Create a new page on how to identify a path and then build a bundle for both PIV or PIV-I
The text was updated successfully, but these errors were encountered: