Delegate to Child CAs
Krill supports delegating resources from your CA(s) to so-called child CAs. This function is primarily used by National Internet Registries (NIRs) that use Krill for their RPKI service. Most non-registry organisations will have no need for this function, as they simply have no members or customers to delegate resources to.
However, this function can still be useful, for example for larger organisations with many resources and a complex organisational structure, or with customers who are in charge of using some of their IP or ASN resources.
There is no UI support for managing child CAs, but you can use the CLI krillc children subcommands to achieve this:
    USAGE:
        krillc children [SUBCOMMAND]

    SUBCOMMANDS:
        add            Add a child to a CA
        info           Show info for a child (id and resources)
        update         Update an existing child of a CA
        response       Show the RFC8183 Parent Response XML
        connections    Show connections stats for children of a CA
        suspend        Suspend a child CA: hide certificate(s) issued to child
        unsuspend      Suspend a child CA: republish certificate(s) issued to child
        remove         Remove an existing child from a CA