diff --git a/.gitignore b/.gitignore
index 0d48720..257e53d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 /go-fdo-server-0.0.4-vendor.tar.bz2
 /go-fdo-server-0.0.4.tar.gz
+/go-fdo-server-1.0.0.tar.gz
+/go-fdo-server-1.0.0-vendor.tar.bz2
diff --git a/.packit.yaml b/.packit.yaml
new file mode 100644
index 0000000..9a032e8
--- /dev/null
+++ b/.packit.yaml
@@ -0,0 +1,185 @@ +--- +# https://packit.dev/docs/configuration/ + +# We want to generate packages with the original commit sha +# https://packit.dev/docs/configuration#merge_pr_in_ci +merge_pr_in_ci: false + +files_to_sync: + - src: + - ".packit.yaml" + - "build/package/rpm/go-fdo-server.spec" + - "build/package/rpm/go-fdo-server-group.conf" + - "build/package/rpm/go-fdo-server-*-user.conf" + - "build/package/rpm/go-fdo-server-*-vendor.tar.bz2" + dest: . + +issue_repository: https://github.com/fido-device-onboard/go-fdo-server + +upstream_package_name: go-fdo-server +downstream_package_name: go-fdo-server + +upstream_tag_template: v{version} +copy_upstream_release_description: true + +srpm_build_deps: + - git + - golang + - go-vendor-tools + - python3-tomlkit + - askalono-cli + - rpmdevtools + +packages: + go-fdo-server-fedora: + downstream_package_name: go-fdo-server + upstream_package_name: go-fdo-server + specfile_path: build/package/rpm/go-fdo-server.spec + go-fdo-server-centos: + downstream_package_name: go-fdo-server + upstream_package_name: go-fdo-server + specfile_path: build/package/rpm/go-fdo-server.spec + pkg_tool: centpkg + +actions: + post-modifications: + # https://fedora.gitlab.io/sigs/go/go-vendor-tools/scenarios/#manual-update + - | + bash -xc ' + #! 
/bin/bash + export GOTOOLCHAIN=auto + export BASE_DIR=${PACKIT_UPSTREAM_REPO}/build/package/rpm + export GO_VENDOR_TOOLS_CONFIG=${BASE_DIR}/go-vendor-tools.toml + export SPEC_FILE=${BASE_DIR}/go-fdo-server.spec + # Download the source tarball (Source0) needed by go_vendor_archive + spectool -g -C ${BASE_DIR} ${SPEC_FILE} + go_vendor_archive create --config ${GO_VENDOR_TOOLS_CONFIG} ${SPEC_FILE} + go_vendor_license \ + --config ${GO_VENDOR_TOOLS_CONFIG} \ + --path ${SPEC_FILE} \ + report \ + --verify-spec + if [ -n "${PACKIT_DOWNSTREAM_REPO}" ]; then + cp "${BASE_DIR}/go-fdo-server-${PACKIT_PROJECT_VERSION}-vendor.tar.bz2" "${PACKIT_DOWNSTREAM_REPO}" + fi + ' + +jobs: + + # Fedora jobs + + # We build and test Fedora 43 ('latest-stable'), Fedora 44 ('latest' when branched) and Fedora Rawhide + # because they are the only ones officially released with golang >= 1.25.0 + - &copr_fedora + job: copr_build + packages: [go-fdo-server-fedora] + trigger: pull_request + targets: &copr_fedora_targets + - "fedora-latest-stable-x86_64" + - "fedora-latest-stable-aarch64" + - "fedora-latest-x86_64" + - "fedora-latest-aarch64" + - "fedora-rawhide-x86_64" + - "fedora-rawhide-aarch64" + + # Build all versions in '@fedora-iot/copr' copr because it's possible to add golang >= 1.25.0 + # see: https://copr.fedorainfracloud.org/coprs/g/fedora-iot/fedora-iot/edit_chroot/fedora-42-x86_64/ + - <<: *copr_fedora + trigger: commit + branch: main + owner: "@fedora-iot" + project: fedora-iot + targets: + - "fedora-stable-x86_64" + - "fedora-stable-aarch64" + - "fedora-development-x86_64" + - "fedora-development-aarch64" + - "fedora-eln-x86_64" + - "fedora-eln-aarch64" + + # Only Fedora >= 43 have golang >= 1.25.0 + # https://packit.dev/docs/configuration/upstream/propose_downstream + - job: propose_downstream + trigger: release + packages: [go-fdo-server-fedora] + dist_git_branches: ["fedora-development", "fedora-latest-stable"] + + - job: koji_build + trigger: commit + allowed_pr_authors: + - 
packit + - all_committers + dist_git_branches: &fedora_dist_git_branches + - "fedora-latest-stable" + - "fedora-latest" + - "fedora-rawhide" + + - job: bodhi_update + trigger: commit + allowed_builders: + - packit + - all_committers + dist_git_branches: *fedora_dist_git_branches + + # Fedora E2E Testing jobs + # We build and test Fedora 43 ('latest-stable'), Fedora 44 ('latest' when branched) and Fedora Rawhide + # because they are the only ones officially released with golang >= 1.25.0 + - job: tests + trigger: pull_request + identifier: rpm-e2e-fedora + tmt_plan: test/fmf/plans/rpm-e2e + packages: [go-fdo-server-fedora] + targets: *copr_fedora_targets + + - job: tests + trigger: pull_request + identifier: bootc-e2e-fedora + tmt_plan: test/fmf/plans/bootc-e2e + packages: [go-fdo-server-fedora] + targets: # Temporarily disabling rawhide due to bug https://issues.redhat.com/browse/HMS-9867 + - "fedora-latest-stable-x86_64" + - "fedora-latest-stable-aarch64" + + # CentOS jobs + + - &copr_centos + job: copr_build + packages: [go-fdo-server-centos] + trigger: pull_request + targets: &copr_centos_targets + - "centos-stream-9-x86_64" + - "centos-stream-9-aarch64" + - "centos-stream-10-x86_64" + - "centos-stream-10-aarch64" + + # Build also for epel-9 and epel-10 in '@fedora-iot/fedora-iot' copr + - <<: *copr_centos + trigger: commit + branch: main + owner: "@fedora-iot" + project: fedora-iot + targets: + - "centos-stream-9-x86_64" + - "centos-stream-9-aarch64" + - "centos-stream-10-x86_64" + - "centos-stream-10-aarch64" + - "epel-9-x86" + - "epel-9-aarch64" + - "epel-10-x86" + - "epel-10-aarch64" + + # https://packit.dev/docs/configuration/upstream/propose_downstream#syncing-the-release-to-centos-stream + - job: propose_downstream + trigger: release + packages: [go-fdo-server-centos] + dist_git_branches: + - "c10s" + + # CentOS E2E Testing jobs + # + - job: tests + trigger: pull_request + identifier: rpm-e2e-centos + tmt_plan: test/fmf/plans/rpm-e2e + packages: 
[go-fdo-server-centos] + targets: *copr_centos_targets diff --git a/README.packit b/README.packit new file mode 100644 index 0000000..c6477eb --- /dev/null +++ b/README.packit @@ -0,0 +1,3 @@ +This repository is maintained by packit. +https://packit.dev/ +The file was generated using packit 1.14.0. diff --git a/go-fdo-server.spec b/go-fdo-server.spec index 8e38883..e4c6b1d 100644 --- a/go-fdo-server.spec +++ b/go-fdo-server.spec @@ -4,9 +4,16 @@ # https://github.com/fido-device-onboard/go-fdo-server %global goipath github.com/fido-device-onboard/go-fdo-server -%global debug_package %{nil} +%global with_debug 1 -Version: 0.0.4 +%if 0%{?with_debug} +%global _find_debuginfo_dwz_opts %{nil} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +Version: 1.0.0 %gometa -L -f 
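Review bot: The `post-modifications` script is run through `bash -xc` with no `set -e`, so a failing `spectool -g`, `go_vendor_archive create` or `go_vendor_license ... report --verify-spec` does not fail the action; the script's status is that of the trailing `if`, which is 0 when `PACKIT_DOWNSTREAM_REPO` is empty. A rejected license check or an incomplete vendor tarball could then pass unnoticed. Add `set -eo pipefail` as the first command of the script (not `-u`, since `PACKIT_DOWNSTREAM_REPO` may be unset or empty) and quote the `${BASE_DIR}` and `${SPEC_FILE}` expansions. Separately, `GOTOOLCHAIN=auto` allows the go command to download a toolchain during this step; a comment stating why the SRPM build root's golang is not enough would help reviewers judge that network dependency. The `epel-9-x86` and `epel-10-x86` targets also look like they are missing the `_64` suffix used by the other chroots.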
@@ -46,28 +53,34 @@ devices when they are first powered on in their final location. %build %global gomodulesmode GO111MODULE=on -export LDFLAGS="-X %{goipath}/internal/version.VERSION=%{version}" +# https://discussion.fedoraproject.org/t/why-does-the-go-compiler-uses-x-nodwarf5-by-default/179804 +# https://github.com/golang/go/issues/75079 +export GOEXPERIMENT="nodwarf5" +export GO_LDFLAGS="-X %{goipath}/internal/version.VERSION=%{version}" %gobuild -o %{gobuilddir}/bin/go-fdo-server %{goipath} %install install -m 0755 -vd %{buildroot}%{_bindir} -install -m 0755 -vp -s %{gobuilddir}/bin/* %{buildroot}%{_bindir} -# Configuration dir -install -m 0755 -vd %{buildroot}%{_sysconfdir}/%{name} +install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir} +# Configuration +install -m 0750 -vd %{buildroot}%{_sysconfdir}/%{name} +install -m 0644 -vp configs/manufacturing.yaml %{buildroot}%{_sysconfdir}/%{name} +install -m 0644 -vp configs/owner.yaml %{buildroot}%{_sysconfdir}/%{name} +install -m 0644 -vp configs/rendezvous.yaml %{buildroot}%{_sysconfdir}/%{name} +# Certificates +install -m 0750 -vd %{buildroot}%{_sysconfdir}/pki/%{name} # Sysusers install -m 0644 -vp -D %{SOURCE2} %{buildroot}/%{_sysusersdir}/go-fdo-server.conf install -m 0644 -vp -D %{SOURCE3} %{buildroot}/%{_sysusersdir}/go-fdo-server-manufacturer.conf install -m 0644 -vp -D %{SOURCE4} %{buildroot}/%{_sysusersdir}/go-fdo-server-rendezvous.conf install -m 0644 -vp -D %{SOURCE5} %{buildroot}/%{_sysusersdir}/go-fdo-server-owner.conf -# Sysconfig files -install -m 0755 -vd %{buildroot}%{_sysconfdir}/sysconfig -install -m 0644 -vp -D configs/sysconfig/* %{buildroot}%{_sysconfdir}/sysconfig/ # Systemd units install -m 0755 -vd %{buildroot}%{_unitdir} install -m 0644 -vp -D init/systemd/* %{buildroot}%{_unitdir} # Helpers -install -m 0755 -vd %{buildroot}%{_datadir}/%{name} -install -m 0755 -vp -D scripts/* %{buildroot}%{_datadir}/%{name} +install -m 0755 -vd %{buildroot}%{_libexecdir}/%{name} +install -m 0755 
-vp scripts/cert-utils.sh %{buildroot}%{_libexecdir}/%{name} +install -m 0755 -vp scripts/generate-go-fdo-server-certs.sh %{buildroot}%{_libexecdir}/%{name} %check %if %{with check} @@ -76,16 +89,14 @@ install -m 0755 -vp -D scripts/* %{buildroot}%{_datadir}/%{name} %files %license LICENSE vendor/modules.txt -%doc DOCKERFILE_USAGE.md FSIM_USAGE.md README.md SECURITY.md +%doc CERTIFICATE_SETUP.md CONFIG.md DOCKERFILE_USAGE.md FSIM_USAGE.md README.md SECURITY.md %{_bindir}/go-fdo-server -%config(noreplace) %attr(770, root, go-fdo-server) %{_sysconfdir}/%{name} +%dir %attr(750, root, go-fdo-server) %{_sysconfdir}/%{name} +%dir %attr(750, root, go-fdo-server) %{_sysconfdir}/pki/%{name} %{_sysusersdir}/%{name}.conf -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/fdo-utils.sh -%{_datadir}/%{name}/cert-utils.sh -%{_datadir}/%{name}/generate-manufacturer-certs.sh -%{_datadir}/%{name}/generate-device-ca-certs.sh -%{_datadir}/%{name}/generate-owner-certs.sh +%dir %{_libexecdir}/%{name} +%{_libexecdir}/%{name}/cert-utils.sh +%{_libexecdir}/%{name}/generate-go-fdo-server-certs.sh %pre %sysusers_create_compat %{SOURCE2} @@ -104,9 +115,11 @@ preparing devices for the on-boarding process during the manufacturing phase. %files manufacturer # Systemd unit %{_unitdir}/go-fdo-server-manufacturer.service -%config(noreplace) %{_sysconfdir}/sysconfig/go-fdo-server-manufacturer # Sysuser %{_sysusersdir}/go-fdo-server-manufacturer.conf +# Default config +%config(noreplace) %attr(644, root, go-fdo-server) %{_sysconfdir}/%{name}/manufacturing.yaml + %pre manufacturer %sysusers_create_compat %{SOURCE3} @@ -133,9 +146,11 @@ voucher. %files rendezvous # Systemd unit %{_unitdir}/go-fdo-server-rendezvous.service -%config(noreplace) %{_sysconfdir}/sysconfig/go-fdo-server-rendezvous # Sysuser %{_sysusersdir}/go-fdo-server-rendezvous.conf +# Default config +%config(noreplace) %attr(644, root, go-fdo-server) %{_sysconfdir}/%{name}/rendezvous.yaml + %pre rendezvous %sysusers_create_compat %{SOURCE4} 
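Review bot: The three default configs are installed with `install -m 0644` in `%install` and declared `%attr(644, root, go-fdo-server)` in the `%files manufacturer`, `%files rendezvous` and `%files owner` hunks, so only the `0750` parent directory keeps them from other local users. If these YAML files can hold credentials or other secrets (not visible in this diff), make the file mode itself restrictive: `install -m 0640 -vp configs/owner.yaml %{buildroot}%{_sysconfdir}/%{name}` and `%attr(640, root, go-fdo-server)`, likewise for the other two files. That keeps the files protected if the directory mode is later relaxed or a file is copied elsewhere with its mode preserved.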
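Review bot: `%dir %attr(750, root, go-fdo-server) %{_sysconfdir}/pki/%{name}` is shared through one group, and the package does not say what owner and mode the key files created there should have. If the manufacturer, rendezvous and owner accounts are all members of `go-fdo-server` (the sysusers files are not in this diff), any group-readable private key in that directory is readable by every role. A spec comment above the line, for example `# Private keys here should be owned by the role user with mode 0600; the group only grants directory traversal`, would record the expectation that `generate-go-fdo-server-certs.sh` has to meet, adjusted to whatever ownership model the script actually implements. The `%files` section continues outside this hunk.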
@@ -162,9 +177,11 @@ necessary credentials and configuration for operation. %files owner # Systemd unit %{_unitdir}/go-fdo-server-owner.service -%config(noreplace) %{_sysconfdir}/sysconfig/go-fdo-server-owner # Sysuser %{_sysusersdir}/go-fdo-server-owner.conf +# Default config +%config(noreplace) %attr(644, root, go-fdo-server) %{_sysconfdir}/%{name}/owner.yaml + %pre owner %sysusers_create_compat %{SOURCE5} diff --git a/sources b/sources index 8d898ad..77ebd38 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (go-fdo-server-0.0.4-vendor.tar.bz2) = 8a74f3c34a21b63d0f28f2f6aa8ddfbfc0a51d6dad191484d5f6f442afd6b0899d4241a46598dd1879c14174c266ffedd02520858e8375149deb6bfca7953e98 -SHA512 (go-fdo-server-0.0.4.tar.gz) = d417f33ee09be9c750f4f5212392c4ed656d5bb3b684865f1e6720b3d3600fa8790f41e18d21f35abf9922e98bcec44bf51ce956bfaf5d4db23ffc08675da143 +SHA512 (go-fdo-server-1.0.0.tar.gz) = 94d31eebdb1a1b206255b224fe055a6d48b60ce63627927099b87c71ef28ea6496b884f7ee17ac4b8e6d1c69877ebd2fedba566443c06ce877f95464cc900892 +SHA512 (go-fdo-server-1.0.0-vendor.tar.bz2) = 7be1f606054030afc61d69b463c093009ded1ac24ebf61fa7407c04401d072e351397e18e5a12c47c688f7565cbbd067e6bfa47d9145f7180f64b4c407ff83a1