Converting a Master CA into a Cloned CA
421
Subsystem
Differences
single CA should generate CRLs,
and this task is always left to the
master CA.
OCSP
Clones have a unique configuration parameter,
OCSP.Responder.store.defStore.refreshInSec
.
DRM
There are no configurable differences between a
master and a clone.
TKS
There are no configurable differences between a
master and a clone.
Table 19.1. Differences Between Masters and Clones
19.4.1. Converting a Master CA into a Cloned CA
Since only one master CA can exist for a Certificate System installation, the offline master must first be
converted into a cloned CA, and one of the cloned CAs become the new master CA.
1. Stop the master CA if it is still running.
2. Open the existing master CA configuration directory:
cd /var/lib/
master_ID
/conf
3. Edit the
CS.cfg
file, and change the following:
• Disable control of the database maintenance thread by changing the value of the following line
to
0
; add the line if it does not already exist:
ca.certStatusUpdateInterval=0
• Disable monitoring database replication changes by changing the value of the following line to
false
; add the line if it does not already exist:
ca.listenToCloneModifications=false
• Disable maintenance of the CRL cache by changing all of the
enableCRLCache
lines from
true
to
false
; add each line if it does not already exist:
ca.crl.
IssuingPointId
.enableCRLCache=false
• Disable CRL generation by changing all of the
enableCRLUpdates
lines from
true
to
false
;
add each line if it does not already exist:
ca.crl.
IssuingPointId
.enableCRLUpdates=false
Содержание CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
Страница 36: ...Chapter 1 Overview 16 Figure 1 4 Certificate System Architecture ...
Страница 144: ...124 ...
Страница 160: ...140 ...
Страница 208: ...188 ...
Страница 210: ...190 ...
Страница 256: ...236 ...
Страница 282: ...Chapter 12 Certificate Profiles 262 Parameter IssuerName_n IssuerType_n ...
Страница 285: ...Freshest CRL Extension Default 265 Parameter PointName_n PointIssuerName_n ...
Страница 335: ...Configuring Mappers 315 Figure 14 9 Selecting a New Mapper Type 6 Edit the mapper instance and click OK ...
Страница 362: ...342 ...
Страница 376: ...356 ...
Страница 436: ...416 ...
Страница 490: ...470 ...
Страница 504: ...484 ...