From ac1970544711673edcde2f1bc2753711f5b1106c Mon Sep 17 00:00:00 2001 From: RPKI Documentation Robot Date: Wed, 9 Oct 2013 22:00:17 +0000 Subject: Automatic pull of documentation from Wiki. svn path=/trunk/; revision=5560 --- doc/doc.RPKI.CA.Configuration.CreatingRoot | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/doc.RPKI.CA.Configuration.CreatingRoot') diff --git a/doc/doc.RPKI.CA.Configuration.CreatingRoot b/doc/doc.RPKI.CA.Configuration.CreatingRoot index 093dadce..fbdf0bc4 100644 --- a/doc/doc.RPKI.CA.Configuration.CreatingRoot +++ b/doc/doc.RPKI.CA.Configuration.CreatingRoot @@ -67,6 +67,14 @@ rpki.conf: rpki-root-cert = ${myrpki::publication_base_directory}/root.cer +You must place the generated root.key in a safe location where it is readable +by rootd but not accessible to the outside world, then you need to tell rootd +where to find it by setting the appropriate variable in rpki.conf. The +directory where the daemons keep their BPKI keys and certificates should be +suitable for this: + + rpki-root-key = ${myrpki::bpki_servers_directory}/root.key + To create a TAL format trust anchor locator use the make-tal.sh script from $top/rcynic: -- cgit v1.2.3