Hello,
I am making architecture of system with multiple servers and clients. >300 units in total.
Currently busy with Security. And want to make use of CA.
The main question is not clear for me is how it is simplifying managing certificates? Why “When a Digital Certificate expires and is replaced, the administrator will only need to replace the expired Digital Certificate (Public Keys and Private Keys), there will be no need to copy
a Public Key to any locations.” (Part 2, 8.1.3.)
It is not completely clear for me the big picture of how Certificate Authority should work. My wish is to integrate with existing in company systems (EJB-CA). So, we can have central place to manage all certificates and access. And automate is as much as possible.
Should I make (Global) Discovery Server with UI where administrator manages certificates(create, update and distribute), access and permissions?
What is the “best practice” for this?
Should I provide more information?
Mikl
05/30/2017
If you have more than 10 nodes you need a CA which means you have to issue certificates and distribute CRLs.
The best way to do this is to use a GDS which can be a front end to whatever system you want to use as a CA.
Using the GDS API to hide the details of your CA means that applications do not need to support the CA that you want to use. They only need to support the GDS API which is defined in Part 12.
How you build the GDS is up to you. There are at least 2 commercial GDS products and more are in the pipeline. You can also develop your own.
1 Guest(s)