Certificate Authority (CA)

According to the TAF and TAP regulations, rail interoperability is based on a common Information Exchange Architecture, known and adopted by all participants. This will encourage new entrants and lower barriers for them.

It is possible to implement a hybrid Peer-to-Peer model over the public Internet network, with a decentralised common interface (CI) located at each actor’s node and a central certificate authority.


Architecture supporting p2p communication


RNE acts as a Certificate Authority (CA) and provides X-509 certificates to support secure communication between partners, along with message-based encryption and signature.
X-509 certificates are requested for:

  • SSL/TLS communication on Https between CI A and CI B, and between CI A / CI B and CRD
  • Encryption of messages
  • Signature of messages.

Only certificates from the RNE Certificate Authority (with the same root) will trust each other.

Users shall request certificates by sending a valid CSR file (CSR stands for: Certificate Signing Request) to the RNE CA.

RNE service support

The RNE Certificate Authority (CA) issues high-quality digital certificates built on open source technologies for companies who are CI users. As a CA, RNE performs functions associated with public key operations. This includes receiving requests, issuing, revoking and renewing a digital certificate.

As a Certificate Authority, RNE provides certificate services within the RNE PKI (Public Key Infrastructure) and will:

  • Issue and publish certificates in a timely manner in accordance with the issuance periods set out by RNE. The expiry time of the certificates has been set to two years
  • Revoke certificates, upon receipt of a valid request from a person authorised to request revocation
  • Publish and update CRLs (Certificate Revocation Lists)
  • Distribute issued certificates in accordance with the procedures specified by RNE.