On Thu, 2005-04-07 at 14:08 -0600, jeff wrote:
> I am about to set up certificates for our company. Initially for
> OpenVPN, but later for other things. I have been trying to decide where
> to put the CA. Ideally, I would think it should be on a machine that is
> isolated from the network. In many ways this is impractical or at least
> very inconvenient. How does everyone else deal with this?

We put our CA on two thumb drives. One sits in a safe and the other sits in a safe deposit box (for redundancy, just in case.) We only plug the thumb drive into a machine that is not connected to the network to do the signing. This is probably more secure than it needs to be since the stuff we're signing is not THAT valuable but we already had the safe and safe deposit box. Besides, thumb drives are cheap.

-Mike

.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='
