Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix hyperlinks from pr-699 #761

Merged
merged 1 commit into from
Oct 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions source/reference-manual/security/device-gateway.rst
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Benefits of owning your Factory PKI are two-fold:
The Factory :ref:`Root of Trust <Root-of-Trust>` **can only be set once**; subsequent attempts will fail.
Other Factory PKI certificates can be updated at any time; having that you own your Factory Root of Trust.

`Contact customer support <https://support.foundries.io>` if you need your Factory PKI being reset.
`Contact customer support <https://support.foundries.io>`_ if you need your Factory PKI being reset.
Once a reset was performed, all connected devices will lose their connection.
These devices will not be able to connect to the Device Gateway until they are re-provisioned with a new Root of Trust.
On practice that usually means that these devices need to be re-flashed (after the Factory PKI reset).
Expand Down Expand Up @@ -238,7 +238,7 @@ We recommend the following workflow:
FoundriesFactory advices you to also prepare a separate plan how to deal with already compromised devices.

3. Rotate client certificates on your devices which have a client certificate issued by a Device CA you are revoking.
You may use Foundries.io hosted ref:`ref-cert-rotation` service, or use your own certificate rotation workflow.
You may use Foundries.io hosted :ref:`ref-cert-rotation` service, or use your own certificate rotation workflow.
Make sure that new device client certificates are issued by one of Device CAs enabled at your Factory.

4. Revoke the Device CA.
Expand Down
12 changes: 6 additions & 6 deletions source/user-guide/device-gateway-pki/device-gateway-pki.rst
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ However, the same cryptographic functions can be implemented using `OpenSSL <htt
The Factory :ref:`Root of Trust <Root-of-Trust>` **can only be set once**; subsequent attempts will fail.
Other Factory PKI certificates can be updated at any time; having that you own your Factory Root of Trust.

`Contact customer support <https://support.foundries.io>` if you need your Factory PKI being reset.
Once a reset was performed, all connected devices will lose their connection.
`Contact customer support <https://support.foundries.io>`_ if you need your Factory PKI being reset.
Once you perform a reset, all connected devices will lose their connections.
These devices will not be able to connect to the Device Gateway until they are re-provisioned with a new Root of Trust.
On practice that usually means that these devices need to be re-flashed (after the Factory PKI reset).
In practice this usually means that these devices need to be re-flashed after the Factory PKI reset.


Taking Ownership of Factory PKI Using the API
Expand All @@ -39,9 +39,9 @@ This command communicates with the FoundriesFactory API to create and update Fac
First, a command calls the API to initialize a Factory PKI, which performs the following actions:

- Verify if the Factory PKI was already initialized, and fail if a user attempts to initialize an already initialized PKI.
- Generates a server-side crypto-key for the ref:`tls-crt` and returns a Certificate Signing Request (CSR) for it.
- Optionally generates a server-side crypto-key for the ref:`online-ca` and returns a CSR for it.
- Optionally generates a server-side crypto-key for the ref:`est-tls-crt` and returns a CSR for it.
- Generates a server-side crypto-key for the :ref:`tls-crt` and returns a Certificate Signing Request (CSR) for it.
- Optionally generates a server-side crypto-key for the :ref:`online-ca` and returns a CSR for it.
- Optionally generates a server-side crypto-key for the :ref:`est-tls-crt` and returns a CSR for it.

Once the ``fioctl keys ca create`` command receives a response, it performs the following actions:

Expand Down
Loading