[Pki-users] TPS with sub CA or with root CA?

Fabian Bertholm fabeisageek at googlemail.com
Mon Feb 21 16:08:57 UTC 2011


Hi,

Well, please correct me if I am wrong.
If I run one TPS with multiple Sub CAs (all in the same security
domain) then I need to do the mapping to the different tokens by using
the token CUID.
I would then add an extra token type and ca connection per CUID range.

What I did not understand: how can I fix the CUID? To me it seems they
are rather random and predefined by the token itself. I did not find
a place where I can specify a range on formatting.

Looks like this is not the right approach..

Best regards,
Fabe

2011/2/15 Marc Sauton <msauton at redhat.com>:
> It all depends on what may be needed for scalability, fail over, both are
> possible, but I would probably keep the root CA separate / standalone.
> One TPS can use several CA's, or several TPS instances can work with a CA.
> The main idea is to use the "security domains", TPS will look for CA's to
> use in their security domain, and use their "trusted managers".
>
> May want to see:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Deployment_Guide/index.html#Certificate_Manager-Security_Domains
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Admin_Guide/index.html#Working_with_Multiple_Instances_of_a_Subsystem
>
> M.
>
> On 02/15/2011 06:38 AM, Fabian Bertholm wrote:
>>
>> Hi,
>>
>> When running multiple sub CAs with one common root CA,
>> do I attach one TPS to the Root CA or do I attach multiple TPS systems
>> to each Sub CA?
>>
>> Best regards,
>> fabe
>>
>
>



