This section serves as a reminder that for SenseCrypt Face PKI features to work, you must configure the issuers_private_key in your secrets.json file while running the server (please see the Starting the server section).
If you do not set this, most SenseCrypt Face PKI end-points will return the following error with a 403 status code:
{"code":"ERR_ISSUER_PRIVATE_KEY_NOT_SET","message":"The issuer's private key is not set. Please set the issuer's private key before attempting this operation."}
Assuming you have setup your private key, in the next section we will understand how a third-party can access your Root CA Certificate for Face Certificate verification.
If you want to independently generate a key-pair (without using the installation script), it is described here.
