CA created during identity generation

I have just created the CA of my second node (first one just filled up!) and I’m seeing this message as part of the output:

Please *move* CA key to secure storage - it is only needed for identity management and isn't needed to run a storage node!
	/path/to/storj/identity/storagenode/ca.key

As far as I understand, the CA key needs to be stored safely to avoid generating a new certificate that can copycat my node on the network, right?

My question is: can this CA (and private key) be used when generating other nodes?
Is it planned to be used somewhere else?

Just asking because I still have (as expected) the certificate, CA, and private keys of my first node and if it can be reused maybe it can be interesting.

Thanks in advance!

The CA is still tied to that individual node. The idea of having it is that it would give you some recourse if your identity key somehow leaked. You could use the CA to revoke the old identity and create a new one with the same CA. I believe this is in theory possible, but I’ve never actually heard of anyone doing it to recover their node.

Generally people just put all 6 files in the same folder and are done with it. Technically you could only put the signed versions of the 2 certs there + the identity key. And store the CA key in cold storage somewhere, so it can never leak.

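As an added example (not from the thread or from the Storj project), here is one way to carry out the "move CA key to secure storage" step when running more than one node, keeping each node's CA key separate since the CA is tied to the individual node. The function name, the cold-storage layout and the node labels are assumptions; only the `ca.key` file name comes from the output quoted in the question.

```shell
#!/bin/sh
# Added example: move one node's ca.key out of its identity directory into
# offline storage, one subdirectory per node so keys from different nodes
# can never overwrite each other.
# Arguments (all hypothetical names): identity dir, cold-storage root, node label.
archive_ca_key() {
    identity_dir=$1
    cold_root=$2
    node_label=$3
    src="$identity_dir/ca.key"
    dest_dir="$cold_root/$node_label"
    dest="$dest_dir/ca.key"

    # Nothing to do if the key was already moved (or the path is wrong).
    [ -f "$src" ] || { echo "no ca.key in $identity_dir" >&2; return 1; }

    # Each node has its own CA: never replace a key that is already archived.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 2; }

    (
        umask 077                      # new directory and file are owner-only
        mkdir -p "$dest_dir" && cp "$src" "$dest"
    ) || return 3
    chmod 600 "$dest"

    # Delete the original only after the copy is verified byte for byte.
    if cmp -s "$src" "$dest"; then
        rm -f "$src"
    else
        rm -f "$dest"
        echo "copy verification failed; original left in place" >&2
        return 4
    fi
}

# Usage (paths are placeholders):
#   archive_ca_key /path/to/storj/identity/storagenode /mnt/offline-usb node2
```

The cold-storage root would normally be removable or offline media; the remaining files in the identity directory are left untouched.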