Re: [Openca-Users] MultiCA with a single server and HSM

Wed, 08 Feb 2006 07:09:10 -0800 

In fact, the tuning will be of great importance. Thanks for your answer Martin !

Selon Martin Bartosch <[EMAIL PROTECTED]>:

> Hi,
>
> > I wonder if technically, OpenCA supports the installation of a root
> > CA, several
> > sub CA and a single HSM (to store all CA keys) onto a single
> > server. I know,
> > this kind of architecture is not usual but it is imposed to me.
>
> it would be possible, provided that you install multiple instances
> of OpenCA in distinct directories. You will need multiple databases
> (may be stored in the same DB instance, of course), one for each
> OpenCA instance.
>
> The following is nCipher HSM only, don't know if this is possible with
> the other implementations:
> A single HSM on the same system can be shared between OpenCA instances,
> but in this case all HSM protected keys must reside in the same
> "Security World" (nCipher speak).
> (The reason is that an nCipher HSM can only be assigned to at maximum
> one single Security World at any given moment.)
> That means that all these keys will be protected with the same Operator
> Card Set.
> A Security World can hold as many keys as you like. You could generate
> thousands of CA keys (as many as your file system allows) and have
> them handled by the same HSM.
>
> cheers
>
> Martin
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Openca-Users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to