How to certify a User ID for a certificate
To create an exportable certification for a binding between a User ID and a certificate, use sq pki vouch add
. In this example, Alice certifies that Bob controls $FPR_BOB and bob@example.com:
$ sq pki vouch add --certifier $FPR_ALICE --cert $FPR_BOB --email=bob@example.com
A certification to mark a certificate as a trusted introducer is done like this:
$ sq pki vouch authorize --certifier $ALICE --cert $FPR_BOB --domain=example.com --email bob@example.com
An updated certificate should then be sent to the certificate holder, who should approve and publish it:
$ sq inspect bob.cert --certifications
$ sq cert import bob.cert
$ sq key approvals update --all --cert $FPR_BOB
Read more about certifications.