diff options
| author | Randy Bush <randy@psg.com> | 2017-05-15 09:33:39 +0900 |
|---|---|---|
| committer | Randy Bush <randy@psg.com> | 2017-10-17 14:31:21 -0700 |
| commit | d0d9eaa9e5c35da5cb599d148e557115f5b768b4 (patch) | |
| tree | aea01cd3d8acd0faabd15e299490466d55d535aa | |
| parent | 6f9e6ae980f50dcc67105eed2b6a8f589cb44de2 (diff) | |
instructions on renewing root cert
| -rw-r--r-- | doc/quickstart/xenial-ca.md | 14 | ||||
| -rw-r--r-- | doc/wiki-dump/doc%2FRPKI%2FRRDPtestbed.md | 8 |
2 files changed, 15 insertions, 7 deletions
diff --git a/doc/quickstart/xenial-ca.md b/doc/quickstart/xenial-ca.md index d1975def..4a4c542b 100644 --- a/doc/quickstart/xenial-ca.md +++ b/doc/quickstart/xenial-ca.md @@ -474,3 +474,17 @@ There are other tools which will let you examine the ASN.1 if you have some reason to do so, but in this case it's not all that interesting, any valid RPKI root key will have identical values for all but one field of the ASN.1, and that field is a 2048-bit hexadecimal integer. + +## Renewing the Root Certificate + +By default, the root certificate has a one year expiration. The +software does not refresh the copy on disk automatically. Therefore it +would be good to put in a cron job something such as the following: + +``` +$ rpkic extract_root_certificate --output_file /usr/share/rpki/tal/root.cer +``` + +Note that the directory and filename will likely need to be adjusted for +your configuration. What does the TAL you publish say the filename and +location are? diff --git a/doc/wiki-dump/doc%2FRPKI%2FRRDPtestbed.md b/doc/wiki-dump/doc%2FRPKI%2FRRDPtestbed.md index 954a19db..e95e48a8 100644 --- a/doc/wiki-dump/doc%2FRPKI%2FRRDPtestbed.md +++ b/doc/wiki-dump/doc%2FRPKI%2FRRDPtestbed.md @@ -31,16 +31,11 @@ You should only need to perform these steps once for any particular machine. Add the GPG public key for this repository (optional, but APT will whine unless you do this): - - # wget -q -O - http://download.rpki.net/APTng/apt-gpg-key.asc | sudo apt-key add - - Configure APT to use this repository (for Ubuntu Trusty systems): - - # wget -q -O /etc/apt/sources.list.d/rpki.list http://download.rpki.net/APTng/rpki.trusty.list @@ -446,8 +441,7 @@ setup). [3]: http://www.rfc-editor.org/rfc/rfc6810.txt - [4]: -https://trac.rpki.net/wiki/doc/RPKI/RRDPtestbed#UsingtherpkicCLIinsetupphase + [4]: https://trac.rpki.net/wiki/doc/RPKI/RRDPtestbed#UsingtherpkicCLIinsetupphase [5]: https://my.ripe.net/#/provisioning/non-hosted |