Is the any was to have two different sub-CAs (that use two different keys) on the same host other than configuring and installing in two separate directories? (I hope that wouldn't be a problem, as communications are made through a socket in the different install dirs)
Or (even better) maybe one CA but with the choice to use one key or the other depending on the user group? Yeah, I know this kind of setup probably doesn't make too much sense security-wise, but I'm not the one that asked for that, I'm a mere executor =P Lapo
smime.p7s
Description: S/MIME Cryptographic Signature
