Our SSL CA Configuration
Ti Leggett
leggett at mcs.anl.gov
Thu May 8 10:18:23 CDT 2003
Continuing on. Does anyone have strong feelings against putting the CA
and RA on the same server? There's several things we can do to lock down
the CA side of things, but it just makes life a little easier if we do
this.
On Wed, 2003-05-07 at 13:45, Ti Leggett wrote:
> I'm trying to sort through the hierarchy of what we want our CA to look
> like and what we'll be signing. Those things with (CA) are CA's and are
> responsible for signing underneath them. Tell me if this looks correct:
>
> /O=Access Grid/ (CA)
> |
> +- /O=Access Grid/OU=Developers/
> | |
> | +- /O=Access Grid/OU=Developers/CN=Ti Leggett
> |
> +- /O=Access Grid/OU=Services/
> | |
> | +- /O=Access Grid/OU=Services/CN=AGNodeService/scraz.mcs.anl.gov
> |
> +- /O=SCGlobal2003/ (CA)
> | |
> | +- /O=SCGlobal2003/OU=Participant/
> | | |
> | | +- /O=SCGlobal2003/OU=Participant/CN=Ti Leggett/
> | ...
> |
> +- /O=Access Grid Anonymous/ (CA)
> |
> +- /O=Access Grid Anonymous/OU=User/
> | |
> | + /O=Access Grid Anonymous/OU=User/CN=Anonymous User/
> |
> +- /O=Access Grid Anonymous/OU=Service/
> |
> +- /O=Access Grid
> Anonymous/OU=Service/CN=AGNodeService/localhost
>
> Is this what we're looking at?
>
More information about the ag-dev
mailing list