Goals
The goal is to provide a reliable, secure and timely method for RSEs to download certificates.
Background and Strategic Fit
The download will include the RSE application certificate, a local certificate chain file (LCCF), and a local policy file (LPF). The RSE will first attempt to download a LCCF (containing the PCA certificate chain required to validate the application certificate) and a LPF and process both LCCF and LPF to ensure that it is able to interpret certificates generated by the SCMS correctly. The RSE will then attempt to download the RSE application certificate.
Assumptions
- RSE has successfully executed Step 13.1: Request RSE Application Certificate
- RA retrieved the issued certificate from PCA, zipped, and stored it in a folder for RSE to download
Process Steps
- RSE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF), as before in Step 13.1: Request RSE Application Certificate
- If there is an updated LCCF, RSE applies all changes to its trust-store (necessary for PCA Certificate Validations)
- If there is an updated LPF, RSE applies those changes. If those changes include changes to request parameters, RSE must skip this use case and follow Step 13.1: Request RSE Application Certificate.
- RSE downloads application certificates using the API documented in RA - Download Application Certificate
Error Handling
The RSE will abandon further interactions with the RA after a certain number of failed communication attempts resulted in errors.