Cert Name | Description | Issuer | Private Key held by | CSR generated by | Certificate Generated by | Actions required by LFI | Notes |
C1 | Identifies the TPP to OFP | OFTF | TPP | TPP | TPP | None | |
S2 | Identifies non-mTLS OFP endpoints to TPP | Let's Encrypt | Ozone | NA | Ozone | None | |
S1 | Identifies mTLS OFP endpoints to TPP | OFTF | Ozone | Ozone | LFI | Yes | Ozone will provide a CSR, and the LFI should use the OFTF to produce the certificate. |
C4 | Identifies OFP to LFI’s Ozone Connect endpoint | OFTF | Ozone | Ozone | LFI | Yes | |
S3 | Identifies | OFTF | Ozone | Ozone | LFI | Yes | |
S4 | Identifies LFI’s Ozone Connect endpoint to Ozone | OFTF | LFI | LFI | LFI | Yes | Ozone will provide scripts to the LFI to assist with CSR generation if requested. The subject of the C3 certificate should be provided to Ozone. Ozone will limit access to certificates that are issued by OFTF AND have that specific subject. |
C3 | Identifies LFI to the | OFTF | LFI | LFI | LFI | Yes | |