Trust policies

Trust policies in Enclave are root certificates within a given trust chain are distributed to users and nodes. This allows users and nodes to trust the certificates issued by that trust chain. Trust can be can be applied to different agents based on agent type or labels.

System trust store

When the agent recieves trusted roots based on a trust policy, it will install the root certificate to the system trust store. Depending on the operating system, different services within your system may (or may not) use the system trust store to verify valid certificate chains. For example, web browsers on MacOS and Windows typically use the system trust store, while some Linux distributions may use their own trust store (e.g., Mozilla's NSS database).

When you remove a trust policy, the agent will remove the root certificate from the system trust store. This means that any certificates issued by that trust chain will no longer be trusted by the system.