Certificate installer

Owned by Vineet Singh
Last updated: May 27, 2021 by Mayank (Unlicensed)
2 min read

Objectives

The requirement for implementation of a certification service for creating and installing certificates for the connectors.

 

User story

The user in FarmStack is required to manually issue and install the certificates. The connector is assumed to be packaged and instantiated by a separate service.

  1. There are two types of certificates as described in the slide 3 here:

    1. Device-sub CA which needs to be manually installed

    2. TLS certificates which is automatically installed

  2. The user through the simple UI needs to install the device-sub certificates with a click of a button

 

Technical Requirement

  1. The device-sub certificate is issued by a service provided by a CA that comes pre-configured with the FarmStack software

  2. The certificate installer should fetch the certificate from the service provided by the CA and make it available for the connector connector instatiation

  3. The TLS certificate from ACME2 is generated in the backend dynamically for the connector after getting instantiated

 

Questions

  • What are the details required to be given to the certification body and this should be the part of FarmStack software that is run by the data provider/ consumer?

  • How is the certificate issued by a certification body made available through DAPS to generate dynamic attribute token, specially when DAPS is moved on the participant (IDS participant in the diagram above)?

 

Technical Implementations

  • A custom DAPS server will be setup by Digital Green to validate the Certificates.

  • A system will be setup to generate Certificates by Digital Green, which will then be used for the custom DAPS server.

  • An ACME server is being developed by IDS to generate the certificates.