From: Pavel B. <byc...@ht...> - 2014-08-26 13:42:36

Hi Branko,

Thank you for the clarification.

Best regards,
Pavel

-------- Original Message --------
Subject: Re: [Ejbca-develop] bind an End Entity to several CAs
From: Branko Majic <br...@ma...>
To: ejb...@li...
Date: 22.08.2014 22:04

> On Fri, 22 Aug 2014 16:39:24 +0300
> Pavel Bychykhin <byc...@ht...> wrote:
>
>> Hello Everyone,
>> While I'm adding End Entities I should choose a CA. So End Entity is
>> being bound to CA (or not)?
>> What if I have several CAs and I need to enroll in both of them with the
>> same name?
>> Can you please clarify, why can't End Entities duplicate despite the
>> fact they are linked to different CAs?
>> Thanks in advance.
>>
> In a way, the CA that is selected for an end entity will dictate what
> CA will be issuing the next certificate for that end entity. This is at
> least the case when using the EJBCA web GUI (I am not 100% sure in case
> of web service calls, but I _think_ it's the same).
>
> If you wish to issue certificates to same end entity from multiple CAs,
> you would need to update the end entity's CA before each certificate
> issuance. Otherwise there shouldn't be anything in EJBCA preventing you
> from doing this.
>
> As for why this was implemented the way it was, I will take some wide
> liberties and assume it was simply a design decision, and it fitted the
> most common deployment cases at that time. But this is me literally
> just shooting off from the hip (movie hero style :).
>
> In the end, keep in mind that the end entity profile is the one that
> really dictates what CAs will be available for issuing a certificate to
> an end entity. The CA that is currently selected for the end entity can
> be set to any of those (at any time).
>
> Best regards
>
> P.S.
> As a side-note, you may notice that certificate profile selection for
> an end entity has a similar design/principle too.