From 7aae4e8815df21030ea1cc095f91e44b47e3a885 Mon Sep 17 00:00:00 2001
From: Andreas Scheibal <Andreas.Scheibal@t-systems.com>
Date: Fri, 29 Sep 2023 10:58:23 +0200
Subject: [PATCH] chore: Readme changes - hint for certificate generation

---
 README.md | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index b2b8a83..320ca5a 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@
 
 This repository contains the source code of the TNG Key Distribution Service.
 
-The TNG Key Distribution Service is part of the national backends and caches the public keys that are distributed through the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway). It is accessed by the DGC Verifier Apps ([Android](https://github.com/eu-digital-green-certificates/dgca-verifier-app-android), [iOS](https://github.com/eu-digital-green-certificates/dgca-verifier-app-ios)) to update the key store periodically.
+The TNG Key Distribution Service is part of the national backends of the participants and caches the public keys that are distributed through the Trust Network Gateway [(TNG)](https://github.com/worldhealthorganization/smart-trust-network-gateway). It can be accessed by clients distributed by the particapants to update their local key store periodically e.g. for offline verification scenarios.
 
 ## Development
 
@@ -38,21 +38,25 @@ The TNG Key Distribution Service is part of the national backends and caches the
   [DDCC Connector](https://github.com/worldhealthorganization/ddcc-gateway-lib) of the [DDCC-Gateway-Lib](https://github.com/worldhealthorganization/ddcc-gateway-lib)
 - Authenticate to [Github Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry)
 
-#### Needed keys for accessing the Trust Network Gateway (TNG) 
+#### Acessing the Trust Network Gateway (TNG) 
 <p id="access-keys"></p>
-For accessing the TNG via the DDCC Connector you need the following keys in place:
 
+For accessing a local development installation of the TNG appropriate private/public key material must be generated. As the gateway checks the right keyusages of the certificates, you can either adapt to the information given at the [WHO Concepts Certificate Governance Site](https://worldhealthorganization.github.io/smart-trust/concepts_certificate_governance.html#certificate-templates) or use the generation script provided on [GitHub 'participants template' repository](https://github.com/WorldHealthOrganization/tng-participant-template)
+
+For accessing the TNG a participant must be onboarded following the [WHO onboarding procedure](https://worldhealthorganization.github.io/smart-trust/concepts_onboarding.html) which will give access to the TNG API.
+
+<!--- For accessing the TNG via the DDCC Connector you need the following keys in place:
 - The public key of the used Gateway. The public key should be stored in the *tls_trust_store*. If you use one of the 
   provided gateways, you will get the public key as .pem from DIGIT. This .pem needs to be converted into pkcs12 format:
-  ````
+  ````  
   openssl pkcs12 -export -in pub_tls.pem -name trust -out tls_trust_store.p12
-  ````
+  ````  
 - Your key pair for accessing the Gateway stored in *tls_key_store*. This needs to be generated by yourself and then whitelisted by operations team (see [onboarding manual](https://github.com/WorldHealthOrganization/smart-trust/blob/main/input/pagecontent/concepts_onboarding_checklist.md) of the Gateway). To use it in the Key Distribution Service this needs to be converted as well into pkcs12 format:
   ````
   openssl pkcs12 -export -in tls.pem -inkey tls_private.pem -name 1 -out tls_key_store.p12
-  ````
-
-- The public key of the TrustAnchor of the Gateway. If you use one of the provided Gateways you will get it as well, at onboarding. The key should be stored in a jks file.
+  ````  
+- The public key of the TrustAnchor of the Gateway. If you use one of the provided Gateways you will get it as well, at onboarding. The key should be stored in a jks file. 
+-->
 
 For more information on how to generate certificates for TNG and how to run your own local one, please have a look in the documentation of the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway).