Each OEM manufacturing direct clients that interact with a DNSP/DSO through SwitchDin's Grid Services function must be issued a unique MICA. Similarly, SwitchDin has its own MICA, which is used to produce certificates for Droplets.
This MICA is hosted by DigiCert under an account managed by SwitchDin that follows this certificate chain:
The steps for an OEM to receive a MICA certificate are as follows:
1. The OEM provides the following information to SwitchDin:
- For which environment does the OEM need a MICA: Test or Production?
- The parameters that will be used in the MICA Subject:
  O = Organisation Name
  OU = Organisation Unit (likely not needed)
  CN = Common Name
- Please provide the contact details (First name, Last name, Email) of the OEM Authoriser, and of the OEM Certificate Manager if a different person. These individuals will be requested to check their identity and sign off the relevant certificate policy and practice statement as per Australian cybersecurity guidelines.
- OEM to create a 2030.5 private key and generate a CSR.
Please ensure that you keep the private key used in this process secure at all times.
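Here is a script for this first step:

```sh
#!/bin/sh
set -eu
# Base name for the key and CSR files (first argument)
cert_name=${1:?usage: $0 <cert_name>}
pk_alg="ecparam"
pk_alg_name="prime256v1"
# Create the key file readable by the current user only
umask 077
mkdir -p private
mkdir -p csrs
echo "-- Creating Key Pair"
openssl "$pk_alg" \
    -genkey \
    -name "$pk_alg_name" \
    -out "private/$cert_name.pem"
echo "-- Creating CSR"
# The CSR is created with an empty subject ("/")
openssl req \
    -new \
    -key "private/$cert_name.pem" \
    -subj "/" \
    -out "csrs/$cert_name.csr"
```
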
Once you are ready, please address your request directly to SwitchDin using this form.
2. SwitchDin contacts the OEM's nominated Authoriser/Certificate Manager to run an identity check and obtain approval of the certificate policy and practice statement.
3. SwitchDin prepares an official request for MICA creation at the next weekly DigiCert ceremony, securely passing the OEM CSR.
4. DigiCert creates the OEM MICA in the DigiCert platform.
5. SwitchDin securely returns the MICA bundle to the OEM.
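
Before the CSR from step 1 is sent to SwitchDin, it is worth confirming that it is self-consistent and belongs to the private key being kept. The following check is an added example, not part of SwitchDin's script; `check_csr` is a hypothetical helper name, and the `private/` and `csrs/` paths are assumed from the script in step 1.

```sh
#!/bin/sh
# Added example: sanity-check a key/CSR pair before submitting the CSR.
# check_csr is a hypothetical helper, not part of the original script.
# Returns 0 if OK, 1 bad CSR/signature, 2 wrong curve, 3 key mismatch.
check_csr() {
    key=$1
    csr=$2

    # 1. The CSR must parse and its self-signature must verify, which
    #    shows it was signed with the private key for its public key.
    #    The output text is matched rather than only the exit status.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"; then
        echo "FAIL: CSR is unreadable or its signature does not verify" >&2
        return 1
    fi

    # 2. The key must be on the curve the generation script uses.
    if ! openssl req -in "$csr" -noout -text 2>/dev/null |
            grep -q "ASN1 OID: prime256v1"; then
        echo "FAIL: CSR public key is not on prime256v1" >&2
        return 2
    fi

    # 3. The CSR's public key must be the one derived from the private
    #    key on disk, so the issued certificate is usable with that key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl ec -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR was not generated from $key" >&2
        return 3
    fi

    echo "OK: $csr is a valid prime256v1 CSR for $key"
}

# Stand-alone use: pass the private key path and the CSR path.
if [ "$#" -eq 2 ]; then
    check_csr "$1" "$2"
fi
```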