An operational certificate (op cert) is a signed credential that links a fresh KES key to a stake pool's cold key. The pool operator generates a new op cert each time the KES key is rotated and uploads it to the block-producing node.
Every block the pool produces is signed by the KES key referenced in the current op cert; if the op cert is missing or its KES period range has expired, the pool cannot produce blocks. Op certs let operators keep the long-lived cold key safely offline while still rotating the hot KES key on schedule.
Explore next
- Stake PoolA server node that participates in the Cardano network by validating transactions and producing blocks.View term
- KESKey Evolving Signatures. Block-signing keys that move forward in time to limit the damage of a key compromise.View term
- VRFA cryptographic function that produces a verifiably random output; Cardano uses it inside Ouroboros as a private per-slot lottery, letting each pool check whether it won the right to produce a block, fairly and unpredictably.View term