# PCCS Server

The Provisioning Certificate Caching Service (PCCS) is a critical infrastructure component that enables DCAP-based SGX attestation for Secret Network nodes. PCCS acts as a local caching layer between your SGX-enabled hardware and Intel's Provisioning Certificate Service, storing and serving attestation collateral including Platform Certification Keys (PCK certificates), Certificate Revocation Lists (CRLs), TCB information, and enclave identity data. 

PCCS server is developed and maintained by Intel.

For Secret Network validators and node operators, running a PCCS ensures reliable quote generation and verification without depending on real-time access to Intel's remote services—essential for maintaining network uptime and enabling the trusted execution environment that powers Secret Network's confidential smart contracts.

### How to install

#### Register with Intel Trusted Services

1. Visit <https://api.portal.trustedservices.intel.com/>
2. Click "Sign In" (even if you don't have an account)
3. Enter your email.&#x20;

<figure><img src="https://1849345700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgF1LuzRcRVxJ2tTkh299%2Fuploads%2FUhiT8LeQgxY3d5NAxzNM%2Fimage.png?alt=media&#x26;token=87f2617a-c603-4eff-8fde-accd37a57d7a" alt=""><figcaption></figcaption></figure>

4. If the email is not known, the registration will start

<figure><img src="https://1849345700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgF1LuzRcRVxJ2tTkh299%2Fuploads%2FSP8tYllSQJ1k1zfvhNjh%2Fimage.png?alt=media&#x26;token=870b157d-fd84-400a-8851-8c40e321403f" alt=""><figcaption></figcaption></figure>

#### Obtain an API key

Once logged in to Trusted Services, click "[Intel® SGX and Intel® TDX Registration Service](https://api.portal.trustedservices.intel.com/registration)"

<figure><img src="https://1849345700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgF1LuzRcRVxJ2tTkh299%2Fuploads%2Fe78ZuoMVHBUQnLDdE2bm%2Fimage.png?alt=media&#x26;token=8ee350a5-c7dc-41e4-a1c2-e194af8d5eb5" alt=""><figcaption></figcaption></figure>

\
or just go to this URL: <https://api.portal.trustedservices.intel.com/registration>

Once on the Registration Service page, click "Subscribe":

<figure><img src="https://1849345700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgF1LuzRcRVxJ2tTkh299%2Fuploads%2FVUUJ9RgCQuBWm02AXPqh%2Fimage.png?alt=media&#x26;token=8a287796-a5f2-4b9b-94a6-f4747e47acd3" alt=""><figcaption></figcaption></figure>

After you confirm your subscription on the following page, you should be taken to the Subscription page. Click "show" next to the primary key and copy it to a secure location:

#### Install PCCS Package

1. Add the official Intel Debian repository to your system sources and import the signing key:

```
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ 
     sudo apt-key add - . /etc/os-release; VERSION_CODENAME=${VERSION_CODENAME} 

sudo add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu \ 
      $VERSION_CODENAME main" 
      
sudo apt-get update
```

2. Install the PCCS Package

```
sudo apt install sgx-dcap-pccs
```

During the installation you will be prompted for: PCCS API Key: Enter the key you obtained from in the previous step.&#x20;

PCCS Listening Port: Default is typically 8081. PCCS Administrator&#x20;

Password: Set a password for administrative tasks.

3. Verify installation:

```
sudo systemctl status pccs
```

4. PCCS server should be up and running now. Secret Nodes operators can set the URL of the PCCS server their `/etc/sgx_default_qcnl.conf` configuration file