Add prereqs, fix list formatting

crandmck · crandmck · commit 0af1bfd18b6f · 2025-02-05T14:49:59.000-08:00
diff --git a/docs/trust-list.mdx b/docs/trust-list.mdx
@@ -28,42 +28,58 @@ The [contentcredentials.org](https://contentcredentials.org/) site hosts the fol
 
 ## Checking your certificate
 
-Before requesting to add your signing certificate to the known certificate list, perform a preliminary check on your certificate by following these steps:
+Before requesting to [add your signing certificate to the known certificate list](#how-to-add-a-certificate-to-the-list), perform a preliminary check to ensure the certificate is configured properly.
+
+### Prerequisites
+
+The preliminary certificate check procedure below requires the following tools. You must install them if you haven't done so already:
+
+- [jq](https://jqlang.org/), a lightweight and flexible command-line JSON processor. On macOS, if you have [Homebrew](https://brew.sh/), you can install jq by entering `brew install jq`.
+- [OpenSSL](https://www.openssl.org/), a cryptographic software library and CLI. It's installed on many systems such as macOS (but make sure you have a recent version). If OpenSSL is not installed on your system, see the [list of unofficial binary distributions](https://wiki.openssl.org/index.php/Binaries).
+- [C2PA Tool](c2patool/readme.md), the command line tool for working with C2PA manifests and media assets.
+
+### Procedure
+
+:::note
+In the example commands given below, `cert.pem` is your certificate file.
+:::
+
+Check your certificate by following these steps:
 
 1. **Ensure that signing with the certificate doesn't have any validation errors** by using a C2PA Tool command like this:
 
-```
-c2patool ./image.jpg trust --allowed_list ./cert.pem
-```
+   ```
+   c2patool ./image.jpg trust --allowed_list ./cert.pem
+   ```
 
-Confirm that the result does not contain a `validation_status` field, which indicates an error.
+   Confirm that the result does not contain a `validation_status` field, which indicates an error.
 
 1. **Confirm that the `signature_info.issuer` field in the manifest is correct**. This field determines what [Verify displays for the organization name](verify.mdx#title-and-signing-information) after "Issued by ...". Use a C2PA Tool command like this:
 
-```
-c2patool ./image.jpg trust --allowed_list ./cert.pem \
-| jq --args '.manifests[].signature_info.issuer'
-```
+   ```
+   c2patool ./image.jpg trust --allowed_list ./cert.pem \
+   | jq --args '.manifests[].signature_info.issuer'
+   ```
 
-The response should be something like this:
+   The response should be something like this:
 
-```
-"XYZ Inc."
-```
+   ```
+   "XYZ Inc."
+   ```
 
-Where "XYZ Inc." is the name of your organization.
+   Where "XYZ Inc." is the name of your organization.
 
 1. **Use `openssl` to perform basic verification of the certificate** you're submitting; for example:
 
-```
-openssl x509 -noout -text -in 'cert.pem' | grep 'Subject:'
-```
+   ```
+   openssl x509 -noout -text -in 'cert.pem' | grep 'Subject:'
+   ```
 
-Example response:
+   Example response:
 
-```
-Subject: organizationIdentifier=XYZ-7155227, C=US, ST=Delaware, L=Dover, O=Whatever Inc., SN=xxx, GN=xxx, CN=xxx
-```
+   ```
+   Subject: organizationIdentifier=XYZ-7155227, C=US, ST=Delaware, L=Dover, O=Whatever Inc., SN=xxx, GN=xxx, CN=xxx
+   ```
 
 ## Using the known certificate list
 
