Certificate Authority (CA)
According to the TAF and TAP regulations, rail interoperability is based on a common Information Exchange Architecture, known and adopted by all participants. This will encourage new entrants and lower barriers for them.
It is possible to implement a hybrid Peer-to-Peer model over the public Internet network, with a decentralised common interface (CI) located at each actor’s node and a central certificate authority.
RNE acts as a Certificate Authority (CA) and provides X.509 certificates to support secure communication between partners, along with message-based encryption and signature.
X.509 certificates are requested for:
- SSL/TLS communication over HTTPS between CI A and CI B, and between CI A / CI B and CRD
- Encryption of messages
- Signature of messages.
Only certificates issued by the RNE Certificate Authority (sharing the same root) are trusted by one another's holders.
Users shall request certificates by sending a valid Certificate Signing Request (CSR) file to the RNE CA.
RNE service support
The RNE Certificate Authority (CA) issues high-quality digital certificates built on open-source technologies for companies that are CI users. As a CA, RNE performs functions associated with public key operations. This includes receiving requests and issuing, revoking and renewing digital certificates.
As a Certificate Authority, RNE provides certificate services within the RNE PKI (Public Key Infrastructure) and will:
- Issue and publish certificates in a timely manner in accordance with the issuance periods set out by RNE. The validity period of the certificates has been set to two years
- Revoke certificates, upon receipt of a valid request from a person authorised to request revocation
- Publish and update CRLs (Certificate Revocation Lists)
- Distribute issued certificates in accordance with the procedures specified by RNE.
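The request-and-trust flow described on this page (a partner submits a CSR, the CA issues a two-year certificate, and only certificates under the same root are accepted), as an added example that is not RNE's own tooling or procedure. The two throwaway roots, the names, the RSA key size and the directory layout are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Roots, names and key sizes are constructed stand-ins,
# not RNE's real CA, naming rules or key requirements.
set -eu

make_root() {   # $1 = CA directory, $2 = common name of a throwaway root
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

make_csr() {    # partner side: $1 = node directory, $2 = common name
    mkdir -p "$1"
    # The key pair is generated on the node; only node.csr goes to the CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/node.key" -out "$1/node.csr" 2>/dev/null
    chmod 600 "$1/node.key"
    # Check the CSR's self-signature before sending it.
    openssl req -in "$1/node.csr" -noout -verify >/dev/null 2>&1
}

sign_csr() {    # CA side: $1 = CA directory, $2 = node directory
    # 730 days mirrors the two-year validity stated on the page.
    openssl x509 -req -in "$2/node.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 730 -out "$2/node.pem" 2>/dev/null
}

chains_to() {   # relying side: succeeds only if cert $2 chains to root $1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_root "$work/ca"    "Constructed Root A"
make_root "$work/other" "Constructed Root B"
make_csr  "$work/ci-a"  "ci-a.example"
sign_csr  "$work/ca" "$work/ci-a"

chains_to "$work/ca/root.pem" "$work/ci-a/node.pem" \
    && echo "ci-a certificate accepted under root A"
chains_to "$work/other/root.pem" "$work/ci-a/node.pem" \
    || echo "ci-a certificate rejected under root B"
```

A relying node that pins only its CA's root in its trust store gets the second result for any certificate issued elsewhere, which is the behaviour the same-root rule describes.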