Closed SZoerner closed 3 years ago
The specification currently allows for any certificate (that is able to sign another certificate; so the (sub/chain)CA flag needs to be set to TRUE) to be permitted as a CSCA. A document detailing this was in the works - see the minutes from the last meeting.
Thanks for your answer. Can this be considered as stable?
Best we have now - but I would wait for the documented to be formally adopted - hopefully with the onboarding spec.
Following
@dirkx Are talking about this document?
@SZoerner Yes this is the document. It's open for review to 4.5.
I have a clarification question regarding the Certificate Signing Certificate Authority (CSCA): Could we use a public commercial CA root as CSCA -> a country-specific one (D-Trust for Germany), but one not exclusively used for the EU Gateway?