Hello everybody,
I have been reading Appendix E article 1.6 ( Why should I not place the
CA on the same machine like the RA? ) very carefully but I still a question.
In my own setup I have 3 CA's ( 1 root and 2 sub CA's ).
In the online parts I have pub, ldap and node. The offline parts
contains of ra, ca, batch and node.
To me this makes sense because the offline part is unreachable so people
can only mess with requests and published data.
The other logic is that if the RA is placed in the online part I have to
re-check all requests at the CA to make sure that nobody was able
to insert his/her own approved request ( in case the security does not
work very well ).
So why should I not place the CA and the RA on the same machine?
With kind regards,
Marcel
Marcel Koopmans
Elysium Open Systems
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
