diff options
Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.CreatingRoot')
| -rw-r--r-- | doc/doc.RPKI.CA.Configuration.CreatingRoot | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.CreatingRoot b/doc/doc.RPKI.CA.Configuration.CreatingRoot index 093dadce..fbdf0bc4 100644 --- a/doc/doc.RPKI.CA.Configuration.CreatingRoot +++ b/doc/doc.RPKI.CA.Configuration.CreatingRoot @@ -67,6 +67,14 @@ rpki.conf: rpki-root-cert = ${myrpki::publication_base_directory}/root.cer +You must place the generated root.key in a safe location where it is readable +by rootd but not accessible to the outside world, then you need to tell rootd +where to find it by setting the appropriate variable in rpki.conf. The +directory where the daemons keep their BPKI keys and certificates should be +suitable for this: + + rpki-root-key = ${myrpki::bpki_servers_directory}/root.key + To create a TAL format trust anchor locator use the make-tal.sh script from $top/rcynic: |