Gregor Bethlen wrote:
I hope my problem is clear. Any hints?
as far as i have this in mind from some discussions
the module-ids are dependent per CA - this is my understanding of it
this means if your structure consists of more then one
CA every has its own universe (openca-system) independently from
each other
so the only connection between is - that the root-ca signs the
sub-ca certs - thats all
so every ca - can have module id 0 and so on...
only several ras must have different ids since they belong
to the same ca
so threat every ca as a won pki structure - even if they are logical
and practical connected through the hirarchy and signing sub-cas
usaly in a real word every ca has its own policy, for example
a root-ca would only sign sub-cas and never issue end-user certs
(maybe one or two for its own usage when encrypted or signed
communication is needed)
so every ca has its own infrastructure too and maybe runs on
different systems, but this is a may not a must - dependent on
the overal security policy behind the pki-structure at all
i hope this helps to clarify the situation of module-ids a bit
greetings
dalini
--
Ives Steglich Email: [EMAIL PROTECTED]
System Administration Tel.: +49 (0)3677 - 69 4382/4383
Fax: +49 (0)3677 - 69 4399
Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
