search

NLnetLabs / krill

RPKI Certificate Authority and Publication Server written in Rust
https://nlnetlabs.nl/projects/routing/krill/
Mozilla Public License 2.0
295 stars 42 forks source link

We cannot use embedded Trust Anchor "ta" in ver 0.13.0 #1068

Closed yushoyamaguchi closed 1 year ago

yushoyamaguchi commented 1 year ago

We cannot use embedded Trust Anchor "ta" in ver 0.13.0. However, the name "ta" is reserved name. Is this change intentional? .....................................................................................

Screenshot from 2023-05-27 23-36-50 Screenshot from 2023-05-27 23-36-36

timbru commented 1 year ago

Apologies, I should have made this more clear in the release notes.

The TA support has had a big overhaul - we hope (and aimed) for the better. If you want to set up a TA manually, then please follow these steps:

https://krill.docs.nlnetlabs.nl/en/stable/trust-anchor.html

However, you may want to set up a testbed instead. If you run krill in testbed mode, then it will create and manage a TA for you automatically - and create a CA called 'testbed' under that TA. You can then set up your own child CAs under that testbed CA. This guide should work for that:

https://krill.docs.nlnetlabs.nl/en/stable/testbed.html

Please let me know if you run into any issues. I will close this issue for now, but feel free to re-open if you run into anything.

yushoyamaguchi commented 1 year ago

Thank, you. I could use the CA "testbed" .