Business requirements and relationships largely dictate how a dynamic application ecosystem is deployed, including which parties fulfill the role of certificate authority and signing authority. Below we detail several of the possible permutations.
As you read through each, keep in mind that Brew MP devices may be configured with multiple root certificates, and that a single certificate authority might enable multiple signing authorities. For these reasons, the examples below are not mutually exclusive. They could all be enabled on a single Brew MP device if the business required it.