If a root CA is in some way compromised (broken into, hacked, stolen, or accessed by an unauthorized or malicious person), then all of the certificates that were issued by that CA are also compromised. Since certificates are used for data protection, identification, and authorization, the compromise of a CA could compromise the security of an entire organizational network. For that reason, many organizations that run internal PKIs install their root CA offline. That is, the CA is never connected to the company network, which makes the root CA an offline root CA.

Make sure that you keep all CAs in secure areas with limited access. To ensure the reliability of your CA infrastructure, specify that any root and non-issuing intermediate CAs must be offline. A non-issuing CA is one that is not expected to provide certificates to client computers, network devices, and so on. The risk of the CA private keys becoming compromised, which would in turn compromise all the certificates that were issued by the CA.

Offline root CAs can issue certificates to removable media devices (e.g. floppy disk, USB drive, CD/DVD), which are then physically transported to the subordinate CAs that need the certificate in order to perform their tasks. Intermediate that is offline, then it will also be used to generate a certificate and that certificate will be placed on removable media.

Each CA receives its authorization to issue certificates from the CA directly above it in the CA hierarchy. However, you can have multiple CAs at the same level of the CA hierarchy. Issuing CAs are typically online and used to issue certificates to client computers, network devices, mobile devices, and so on.
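The hierarchy described above can be walked through with the OpenSSL command line. This is an added example, not code from the original page: three directories stand in for the offline root machine, the removable media and the online issuing CA, and every name, key size and lifetime in it is a constructed assumption.

```shell
#!/bin/sh
# Added example: constructed names throughout; needs the OpenSSL CLI.
set -eu

newreq() {  # newreq <req.cnf> <key-out> <csr-out> <common-name>
  openssl req -new -newkey rsa:2048 -nodes -config "$1" \
    -subj "/CN=$4" -keyout "$2" -out "$3" 2>/dev/null
}

build_hierarchy() {  # build_hierarchy <empty-work-dir>
  w=$1; root="$w/offline-root"; media="$w/removable-media"; sub="$w/issuing-ca"
  mkdir -p "$root" "$media" "$sub"
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$w/req.cnf"
  cat > "$w/ext.cnf" <<'EOF'
[root_ca]
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
[issuing_ca]
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
[leaf]
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
EOF
  # Offline root: self-signed certificate; root.key stays in $root.
  newreq "$w/req.cnf" "$root/root.key" "$root/root.csr" "Example Offline Root CA"
  openssl x509 -req -in "$root/root.csr" -signkey "$root/root.key" -days 3650 \
    -extfile "$w/ext.cnf" -extensions root_ca -out "$root/root.crt" 2>/dev/null
  # Issuing CA: key generated locally, only the request goes onto the media.
  newreq "$w/req.cnf" "$sub/issuing.key" "$media/issuing.csr" "Example Issuing CA"
  # At the offline root: sign the request, put the certificates on the media.
  openssl x509 -req -in "$media/issuing.csr" -CA "$root/root.crt" \
    -CAkey "$root/root.key" -CAcreateserial -days 1825 \
    -extfile "$w/ext.cnf" -extensions issuing_ca -out "$media/issuing.crt" 2>/dev/null
  cp "$root/root.crt" "$media/root.crt"
  # Online issuing CA: issue a certificate to a client.
  newreq "$w/req.cnf" "$sub/client.key" "$sub/client.csr" "client01.example.test"
  openssl x509 -req -in "$sub/client.csr" -CA "$media/issuing.crt" \
    -CAkey "$sub/issuing.key" -CAcreateserial -days 365 \
    -extfile "$w/ext.cnf" -extensions leaf -out "$sub/client.crt" 2>/dev/null
}

verify_chain() {  # succeeds only if client -> issuing CA -> root validates
  openssl verify -CAfile "$1/removable-media/root.crt" \
    -untrusted "$1/removable-media/issuing.crt" "$1/issuing-ca/client.crt" >/dev/null 2>&1
}
```

Only the certificate request and the signed certificates ever sit on the media directory; both private keys stay where they were generated, and `pathlen:0` keeps the issuing CA from authorizing further CAs below it.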