How to certify a User ID for a certificate

To create an exportable certification for a binding between a User ID and a certificate, use sq pki vouch add. In this example, Alice certifies that Bob controls $FPR_BOB and bob@example.com:

$ sq pki vouch add --certifier $FPR_ALICE --cert $FPR_BOB --email=bob@example.com

A certification to mark a certificate as a trusted introducer is done like this:

$ sq pki vouch authorize --certifier $ALICE --cert $FPR_BOB --domain=example.com --email bob@example.com

An updated certificate should then be sent to the certificate holder, who should approve and publish it:

$ sq inspect bob.cert  --certifications
$ sq cert import bob.cert
$ sq key approvals update --all --cert $FPR_BOB

Read more about certifications.