What is a Certification Authority (CA)?
The Certification Authority (CA) issues certificates to Security Servers (authentication certificates) and to X-Road member organizations (signing certificates). CA is an external service provider / component, and it is not part of the X-Road core. Official documentation explaining how to add an approved CA to the Central Server is available at https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/ug-cs_x-road_6_central_server_user_guide.md#111-adding-an-approved-certification-service. |
The X-Road operator defines trusted CAs on the Central Server by:
Adding root and intermediate (optional) certificates.
Defining the OCSP responder URL of the CA.
Defining the certificate profile info provider Java class – a class that knows how to read/write the required information from/to certificates.
Every Certificate Authority (CA) has a certificate profile that defines what information is stored in what fields in the certificate. More information about certificate profiles is available here. |
From the X-Road’s point of view a trusted CA may be:
Commercial, globally trusted CA.
Any self hosted CA fulfilling the X-Road’s technical requirements, e.g. EJBCA open source software.
However, the type of the CA (globally trusted vs. self hosted) may affect the legal value of the Security Server message logs.
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|