Question
Based on the following sample Certificate Signing Request (CSR):
- What is the intended usage of server vs. client certificates, from a data recipient's perspective?
- For a data recipient, during communication (server-to-server API) with a data holder or the registry, should we use a client or server certificate?
- Also, a data recipient needs to host the JWKS and revoke endpoints. In this case, do these endpoints need to support two-way SSL (MATLS)? What is the type of certificate to be used here?
Answer
Please refer to the Certificate Management section of the CDR Register design where the certificate signing request profile has been published.
1. What is the intended usage of server vs. client certificates, from a data recipient's perspective?
Client certificates are used when calling MTLS-protected endpoints hosted by either Data Holders or the CDR Register.
Please refer to:
   - The Endpoints section of the Consumer Data Standards: https://consumerdatastandardsaustralia.github.io/standards/#end-points
   - The Register APIs section of the CDR Register Design: https://cdr-register.github.io/register/#consumer-data-right-cdr-register-apis
2. For a data recipient, during communication (server-to-server API) with a data holder or the registry, should we use a client or server certificate?
The client certificate. Please see the first answer in this list.
3. Also, a data recipient needs to host the JWKS and revoke endpoints. In this case, do these endpoints need to support two-way SSL (MATLS)? What is the type of certificate to be used here?
No. Again, please refer to the Endpoints section of the Consumer Data Standards, where this is specified. TLS endpoints can be protected with either public or ACCC CA-issued server certificates.