Identity Certificate Management

Identity Certificate Management in the PLGD Certificate Authority (CA) involves the processes and mechanisms for effectively managing the lifecycle and security of identity certificates issued to users and devices.

The PLGD CA is responsible for issuing OCF (Open Connectivity Foundation) identity certificates to users and devices. These certificates are obtained by signing Certificate Signing Requests (CSRs) submitted by the entities. The CA verifies the authenticity of the CSR and, if validated, issues the corresponding identity certificate.

Identity certificates have a validity period, after which they expire. The PLGD CA automatically deletes non-device-identity certificates once they become invalid. This process ensures that expired certificates do not clutter the system and helps maintain a secure certificate infrastructure.

Identity certificates can be deleted using various methods:

• Device Signoff: Devices can initiate the deletion of their own identity certificates by sending signoff requests to the PLGD CA.
• Device Deletion from Hub: When a device is deleted from the hub using the appropriate interface gRPC Gateway API or HTTP Gateway API, the associated identity certificate records are also deleted.
• Certificate Authority API: The PLGD CA provides both an gRPC API and a HTTP API that allow requesting the deletion of identity certificates.

These deletion mechanisms provide flexibility and control over the management of identity certificates, ensuring that certificates are removed as needed to maintain security and integrity.

• https://docs.plgd.dev/docs/services/certificate-authority/features/
• https://docs.plgd.dev/docs/services/certificate-authority/certificate-authority/
• https://docs.plgd.dev/docs/services/certificate-authority/http-api/
• https://docs.plgd.dev/docs/services/http-gateway/http-api/
• https://docs.plgd.dev/docs/features/control-plane/http-api/