Node Certificate
How node certificates authenticate individual nodes within the Staex network.
Overview
A node certificate contains the node's public key (which is also its node ID) along with additional metadata, all cryptographically signed by the network private key. This signature binds the node's identity to a specific network and proves that the node was authorized to join.
Chain of Trust
Node certificates sit at the leaf level of a three-tier trust hierarchy:
- The Staex root key signs network certificates
- The network private key signs node certificates
- The node certificate authenticates the individual node
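
The three-tier check in this list, written out as an added Go example that is not Staex code. The certificate layout, the choice of Ed25519, and the names `Cert`, `NewKey`, `Issue` and `VerifyChain` are assumptions for illustration; all keys are constructed on the spot.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a hypothetical layout (not Staex's format): key + metadata, signed one tier up.
type Cert struct {
	PublicKey           ed25519.PublicKey
	Metadata, Signature []byte
}

func (c Cert) signed() []byte { return append(append([]byte{}, c.PublicKey...), c.Metadata...) }

// NewKey returns a throwaway key pair for the constructed sample chain.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Issue signs a subject key and its metadata with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey, meta []byte) Cert {
	c := Cert{PublicKey: subject, Metadata: meta}
	c.Signature = ed25519.Sign(issuer, c.signed())
	return c
}

// VerifyChain checks root -> network -> node, then that the claimed node ID is
// the certified public key. root is the caller's trust anchor (32 bytes).
func VerifyChain(root ed25519.PublicKey, network, node Cert, nodeID ed25519.PublicKey) error {
	if len(network.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(root, network.signed(), network.Signature) {
		return errors.New("network certificate malformed or not signed by root key")
	}
	if len(node.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(network.PublicKey, node.signed(), node.Signature) {
		return errors.New("node certificate malformed or not signed by this network's key")
	}
	if !node.PublicKey.Equal(nodeID) {
		return errors.New("node ID does not match the certified public key")
	}
	return nil
}

func main() {
	rootPub, rootPriv := NewKey()
	netPub, netPriv := NewKey()
	nodePub, _ := NewKey()
	fmt.Println(VerifyChain(rootPub, Issue(rootPriv, netPub, nil), Issue(netPriv, nodePub, nil), nodePub))
}
```

A node certificate signed by any key other than the network key certified by the root fails at the second step, even if its contents are otherwise well formed.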
Generation
Node certificates are generated automatically during mcc init. You can also generate a new node certificate manually:
```bash
mcc generate-node-certificate
```

The network private key is required to sign the certificate. This command is useful when rotating node identities or provisioning certificates for devices that have not yet been initialized.