m (→Terminology) |
m (→Terminology) |
Line 13: | Line 13: | ||
There are four possible combinations: | There are four possible combinations: | ||
# '''In-house public subordinate CAs:''' This is the typical case where a commercial CA establishes one or more internally-operated subordinates to offer certificates of a particular type (e.g., EV vs. non-EV certificates, or SSL certificates vs. email certificates) to the general public. | # '''In-house public subordinate CAs:''' This is the typical case where a commercial CA establishes one or more internally-operated subordinates to offer certificates of a particular type (e.g., EV vs. non-EV certificates, or SSL certificates vs. email certificates) to the general public. | ||
# '''Third-party public subordinate CAs:''' | # '''Third-party public subordinate CAs:''' In this case the root signs subordinate CAs for organizations who operate the sub-CA to sign certificates for other entities not affiliated with their organization. One example is a commercial CA which establishes one or more subordinate CAs to be operated by third-party organizations acting as Certificate Service Providers (CSP). Another example is a government-sponsored root CA where the organization running the root CA delegates to other organizations the task of issuing end entity certificates to the general public. For example, there might be a separate organization authorized to issue certificates for general business purposes, another organization issuing certificates specifically within a vertical industry sector like financial services, a third organization to issue certificates to individuals, and so on. | ||
# '''In-house private subordinate CAs:''' This case would cover CA organizations that establish subordinate CAs for internal testing or other internal purposes. | # '''In-house private subordinate CAs:''' This case would cover CA organizations that establish subordinate CAs for internal testing or other internal purposes. | ||
# '''Third-party private (or enterprise) subordinate CAs:''' This is the typical case where a commercial CA has enterprise customers who want to operate their own CAs for internal purposes, e.g., to issue SSL server certificates to systems running intranet applications, to issue individual SSL client certificates for employees or contractors for use in authenticating to such applications, and so on. | # '''Third-party private (or enterprise) subordinate CAs:''' This is the typical case where a commercial CA has enterprise customers who want to operate their own CAs for internal purposes, e.g., to issue SSL server certificates to systems running intranet applications, to issue individual SSL client certificates for employees or contractors for use in authenticating to such applications, and so on. |
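Review bot: The new definition for item 2 (Third-party public subordinate CAs) says "the root signs subordinate CAs for organizations who operate the sub-CA", which is looser than the wording of the other three items and mixes "subordinate CA" with "sub-CA" in one sentence. Suggest "the root CA signs subordinate CA certificates for organizations that operate the subordinate CA", so the item states who holds and operates the subordinate in the same terms as items 1, 3 and 4. Two smaller points in the same added text: "Certificate Service Providers (CSP)" should be "(CSPs)", and the "For example, there might be a separate organization..." sentence is nested inside "Another example", so it reads more clearly as "For instance, ...". The phrase "not affiliated with their organization" is what separates this case from item 4 ("for internal purposes"); it may be worth saying that explicitly, since the public/private distinction is otherwise only implied by the examples.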