Key and Certificate Management

Secure key management is a necessary requirement for any cryptographic product. Users must be able to obtain keys as required for their security needs, have a method of looking up other's public keys, publicize their own keys, and determine that a key is valid. Certificates are used for this purpose.

Certificates must be unforgeable, obtainable in a secure manner, and processed in such a way that an unauthorized user cannot misuse them. This means that the network manager must handle the following issues:

Loss or compromise of a private key
Verifiable signature after key expiration
Expiration dates
Secure storage of private keys

Note -
Two systems can still communicate even after one of the systems's certificate has expired; communication between two peers persists until you issue a skipd_restart command.

Previous: Certificates
Next: Adding Certificates or Local Identities with install_skip_keys