Menu
▾
▴
Re: [Ejbca-develop] Type of certification authorities
|
From: eilaf s. <eil...@gm...> - 2014-08-10 04:55:33
|
Thanks, This clarify my issue. On Sat, Aug 9, 2014 at 11:42 PM, Branko Majic <br...@ma...> wrote: > On Tue, 5 Aug 2014 12:24:32 +0300 > eilaf sorkatti <eil...@gm...> wrote: > > > Hello, > > > > I would like to ask you what is the difference between management > > certification authority, signing Certification authority and > > authentication certification authority? > > If management certification authority do authentication and signing what > is > > the need for seperated authentication and signing certification > authority? > > How to setup/Install each of them? > > > > > > > > Regards, > > Hello Eilaf, > > This is purely a policy decision. You could define that certificates > with specific profile (key usage, extended key usage etc etc) will be > issued by a designated sub-CA (or even CA chain). I.e. it's mainly a > design decision, and can vary based on the project/customer > requirements. > > As for the ManagementCA, it is usually a good idea to keep it separate > since the policies very often need to be different for it (since it > commonly forms part of PKI infrastructure). One good reason to keep it > separate is in order to grant different privileges to differents groups > (let's say you want to let your PKI team be able to freely issue > server/client certificates for the PKI environment using ManagementCA). > > Best regards > > -- > Branko Majic > Jabber: br...@ma... > Please use only Free formats when sending attachments to me. > > Бранко Мајић > Џабер: br...@ma... > Молим вас да додатке шаљете искључиво у слободним форматима. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > -- Eilaf Hamad Elnil Mugbil University Of Khartoum School Of Mathematical science |
