Certificate Generation
Note
This method of certificate generation is intended only for demonstration purposes with this reference architecture, and it is highly recommended this not be used in a production environment.
Background and Further Reading
The EU Digital Covid Certificate project uses and generates many different certificates and certificate authorities (CAs). A summary of the most important certificates and CAs has been included in the table below. For a full list of these, please refer to the upstream documentation for complete documentation of these certificates and CAs.
| Owner | Name | Signed By CA | Description |
|---|---|---|---|
| EU | Trustanchor | Self-Signed | Root Certificate Authority (CA) |
| Country | Auth | Trustanchor | The Auth cert is used to authenticate against the EU Gateway for read operations |
| Country | Upload | Trustanchor | The Upload cert is used to authenticate against the EU Gateway for upload (write) operations |
| Country | CSCA | Trustanchor | The Country Signing Certificate Authority (CSCA) is used to sign Document Signer Certificates |
| Country | DSC | Country CSCA | The Document Signer Certificates (DSC) are used to sign individual Digital Covid Certificates |
| Individual | DCC | Country DSC | The Digital Covid Certificate (DCC) that is issued to members of the general public |
Generating the required certificates for the Reference Architecture
Use the following command from the root folder of the Git clone to automatically generate the necessary certs for use in a test environment. For a production deployment, please refer to the upstream dgc-participating-countries project for guidance on generating certificates, safe handling of certificates, and onboarding those certificates to the EU gateway.
$ make certs
[ .. SNIP .. ]
Signing IE Auth Cert
Signing IE CSCA Cert
Signing IE Upload Cert
DONE
Calls to Action
Read about deployment in the next section.