TPS with sub CA or with root CA? - Pki-users - Dogtag Pki List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

TPS with sub CA or with root CA?

Migration documentation

anyone had a challenge getting...

Fabian Bertholm

Tuesday, 15 February 2011 Tue, 15 Feb '11

8:38 a.m.

Hi, When running multiple sub CAs with one common root CA. Do I attach one TPS to the Root CA or do I attach multiple TPS systems to each Sub CA? Best regards, fabe

Reply

Show replies by date

Marc Sauton

Tuesday, 15 February Tue, 15 Feb

11:30 a.m.

It all depends on what may be needed for scalability, fail over, both are possible, but I would probably keep the root CA separate / standalone. One TPS can use several CA's, or several TPS instances can work with a CA. The main idea is to use the "security domains", TPS will look for CA's to use in their security domain, and use their "trusted managers". May want to see: http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-sin... http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-sin... M. On 02/15/2011 06:38 AM, Fabian Bertholm wrote:

Hi, When running multiple sub CAs with one common root CA. Do I attach one TPS to the Root CA or do I attach multiple TPS systems to each Sub CA? Best regards, fabe _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users

Reply

Fabian Bertholm

Monday, 21 February Mon, 21 Feb

10:08 a.m.

Hi, Well please correct me if i am wrong. If I run one TPS with multiple Sub CAs (all in the same security domain) then I need to do the mapping to the different tokens by using the token CUID. I would then add an extra token type and ca connection per CUID range. What I did not understand, how can I fix the CUID. To me it seems they are rather random and predefiend by the token itsself. I did not find a place where I can specify a range on formating. Looks like this is not the right approach.. Best regards, Fabe 2011/2/15 Marc Sauton <msauton(a)redhat.com>:

It all depends on what may be needed for scalability, fail over, both are possible, but I would probably keep the root CA separate / standalone. One TPS can use several CA's, or several TPS instances can work with a CA. The main idea is to use the "security domains", TPS will look for CA's to use in their security domain, and use their "trusted managers". May want to see: http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-sin... http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-sin... M. On 02/15/2011 06:38 AM, Fabian Bertholm wrote: > > Hi, > > When running multiple sub CAs with one common root CA. > Do I attach one TPS to the Root CA or do I attach multiple TPS systems > to each Sub CA? > > Best regards, > fabe > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users

Reply

5052

days inactive

5058

days old

users@lists.dogtagpki.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

Fabian Bertholm
Marc Sauton