During certificate initialization, certificates and private keys will be read from the following paths, if present:
<VAR>/bootstrap/etc/access/keys/ca.crt - certificate authority PEM
<VAR>/bootstrap/etc/access/keys/ca.private.key - certificate authority private key PEM
<VAR>/bootstrap/etc/access/keys/root.crt - token issuer PEM
<VAR>/bootstrap/etc/access/keys/private.key - token issuer private key PEM
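A pre-flight check for the bootstrap key directory, as an added example that is not part of the product or its documentation. It assumes that each certificate is supplied together with its private key, that key files should be readable by their owner only, and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Checks the directory given as $1, i.e.
# <VAR>/bootstrap/etc/access/keys, before certificate initialization.
# Assumptions: certificate and key come in pairs; keys are owner-only.

check_pair() {  # usage: check_pair DIR CERT_NAME KEY_NAME
    crt="$1/$2"; key="$1/$3"
    # Both absent is fine: the files are only read "if present".
    [ ! -e "$crt" ] && [ ! -e "$key" ] && return 0
    if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
        echo "FAIL: $2 and $3 must both be present" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $3 is accessible to group or other" >&2; return 1
    fi
    # The certificate's public key must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $2 does not match $3 (or is not valid PEM)" >&2; return 1
    fi
    echo "OK: $2 matches $3"
}

check_bootstrap_keys() {  # usage: check_bootstrap_keys DIR
    rc=0
    check_pair "$1" ca.crt ca.private.key || rc=1   # certificate authority
    check_pair "$1" root.crt private.key || rc=1    # token issuer
    return $rc
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_bootstrap_keys "$1"
fi
```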
Implications of Creating and Changing the Key Pair
Resetting the token certificates (by loading new ones) effectively revokes all of the tokens that have been generated. If you want to reset your certificates but keep the tokens that were created previously, you will need to copy the old root.crt into the trusted directory: /var/etc/access/keys/trusted. See Resetting Token Certificates.