CIRALabs / high-assurance-dids-with-dns


Demonstration of subdomain as root of trust #15

Open trbouma opened 7 months ago

trbouma commented 7 months ago

I was successful in deploying a subdomain as a root of trust.

See here

https://credentials.trustroot.ca/

Main steps.

  1. create A record to point to deployed instance of sandbox app
  2. create _cert.subdomain record with issuer public key material (need to generate keypair for subdomain)
  3. add to deployed instance of sandbox app the corresponding private key and subdomain info.
  4. update reverse proxy to handle subdomain
  5. run certbot to get TLS certificate (note this is for https only - nothing to do with issuance/verification)
  6. optional: add users/pubkeys that are part of the subdomain root of trust
  7. restart deployed instance, use scripts/verify_did.py to confirm and third-party sites such as universalresolver.io to confirm.

example of third-party did doc resolution where examplecorp is part of credentials.trustroot.ca

https://dev.uniresolver.io/#did:web:credentials.trustroot.ca:examplecorp
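
The name and URL derivations behind steps 1, 2 and 7, as an added example (not part of the original comment and not the project's `scripts/verify_did.py`): it maps a did:web identifier to the HTTPS location a resolver fetches per the did:web method, derives the `_cert.` name from step 2, and checks that a fetched document is bound to the DID that was requested. The function names and the sample document are hypothetical; the type and contents of the `_cert` record are not stated above, so the code only derives its name.

```python
from urllib.parse import unquote

def did_web_targets(did: str) -> dict:
    """Map a did:web identifier to the host, DNS name and URL to check."""
    parts = did.split(":")
    if len(parts) < 3 or parts[:2] != ["did", "web"] or not all(parts[2:]):
        raise ValueError(f"not a did:web identifier: {did!r}")
    authority = unquote(parts[2])            # a port is carried as %3A
    host = authority.split(":")[0].lower()
    path = [unquote(p) for p in parts[3:]]
    if any(p in (".", "..") or "/" in p for p in path):
        raise ValueError("unsafe path segment in DID")
    if path:
        url = f"https://{authority}/{'/'.join(path)}/did.json"
    else:
        url = f"https://{authority}/.well-known/did.json"
    return {
        "host": host,                        # step 1: A record for this name
        "cert_record": f"_cert.{host}",      # step 2: naming assumed from the list above
        "did_document_url": url,             # step 7: what a resolver fetches
    }

def document_problems(did: str, doc: dict) -> list:
    """Return binding problems; an empty list means the document matches the DID."""
    problems = []
    if doc.get("id") != did:
        problems.append("document id does not match the requested DID")
    # Stricter than the did:web method requires: flag keys identified under another DID.
    for vm in doc.get("verificationMethod", []):
        vm_id = str(vm.get("id", ""))
        if not (vm_id.startswith("#") or vm_id.startswith(did + "#")):
            problems.append(f"verification method outside this DID: {vm_id}")
    return problems

# Constructed sample document, not fetched from the live site.
SAMPLE_DID = "did:web:credentials.trustroot.ca:examplecorp"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "verificationMethod": [{"id": SAMPLE_DID + "#key-1", "controller": SAMPLE_DID}],
}

if __name__ == "__main__":
    print(did_web_targets(SAMPLE_DID))
    print(document_problems(SAMPLE_DID, SAMPLE_DOC))
```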