[Pki-users] TPS with sub CA or with root CA?
Marc Sauton
msauton at redhat.com
Tue Feb 15 17:30:12 UTC 2011
It all depends on what may be needed for scalability, fail over, both
are possible, but I would probably keep the root CA separate / standalone.
One TPS can use several CA's, or several TPS instances can work with a CA.
The main idea is to use the "security domains", TPS will look for CA's
to use in their security domain, and use their "trusted managers".
May want to see:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Deployment_Guide/index.html#Certificate_Manager-Security_Domains
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Admin_Guide/index.html#Working_with_Multiple_Instances_of_a_Subsystem
M.
On 02/15/2011 06:38 AM, Fabian Bertholm wrote:
> Hi,
>
> When running multiple sub CAs with one common root CA.
> Do I attach one TPS to the Root CA or do I attach multiple TPS systems
> to each Sub CA?
>
> Best regards,
> fabe
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list