Updating certificates and trust anchors for Direct

How to install / update certificates and trust anchors for Direct

• You need to log in as admin onto: https://console.directca.org
  admin login: NIST

• Create a new User Profile and fill it out.

• Create a new Trust Anchor Certificate:
  Go to the admin section > Certificates > Trust Anchor Certificates and click "Add Trust Anchor Certificate". Fill it out. Fields "email" and "DNS" have to match.
  Validate your Trust Anchor Certificate: go to the admin section> Certificates > Trust Anchor Certificates and click "verify".

• Create a new Endpoint Certificate (same process):
  Go to the admin section > Certificates > Endpoint Certificates, click "new", fill it out, and verify it.

• Download your certificate.

• In order to have a fully communicating system working, first you need to exchange trust anchor certificates between two servers (install each one on the other server).
  Ex.: Log on to http://direct.microphr.com:8081/config-ui/ using Alan's instructions (cf Notes below) and install the transparenthealth trust anchor on it. Do the same thing in reverse on transparenthealth.

• Creating an invalid certificate: the DNS must not match the email address.

• Creating an expired certificate: OpenSSL does not let you create an expired certificate, so you need to create one valid until the next day and wait until it expires.

Notes

Alan's documentation: https://github.com/meaningfuluse/mu2/blob/master/transport/direct-hello-world.md