Hi, I'm working on the design of a production internal CA/RA/SCEP environment whose first application will be to issue user authentication certs and I have a few questions regarding CA security configuration.
I see that other CA designs often consist of an offline CA + online subordinate CA. The subordinate CA can issue certs quickly due to the online data exchange, which is very nice, but what about the security risk to the online CA and its signing cert? Why bother with an offline CA when unauthorized access to the online CA compromises everything in that part of the hierarchy? Also, does the use of an HSM to store private keys remove the need for the attached CA to be offline?

Thanks,

Mike

Mike Wiseman
Computing and Networking Services
University of Toronto

_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
