General PKI

This section contains information that isn't specific to EJBCA.

Useful tips setting up a PKI

Technical:

  • In the CDP (CRL Distribution Point), use a DNS name alias instead of the real hostname or IP address to avoid future problems when the network structure changes.
  • If you are issuing smart cards for users, make them change to/choose a PIN that they will remember, to avoid unnecessary unblocking of the card with the PUK code.
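The CDP tip above can be checked before a certificate profile goes live. The following is an added example, not part of the original page: it audits CDP URIs for IP literals, unqualified names and real machine names. The host inventory and all URIs are constructed; because an alias cannot be told apart from a real name by syntax alone, the inventory of real machine names is an assumption you supply.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed inventory of real machine names (assumption). A service alias
# such as crl.example.com must never be listed here.
REAL_HOSTS = {"ca01.corp.example.com", "ldap-dc3.corp.example.com"}


def audit_cdp(uri, real_hosts=REAL_HOSTS):
    """Return a list of findings for one CDP URI; an empty list means OK."""
    host = urlsplit(uri).hostname  # lower-cased, port and IPv6 brackets removed
    if not host:
        # e.g. ldap:///cn=... leaves the server choice to the client
        return ["no host in URI"]
    try:
        ipaddress.ip_address(host)
        return ["IP literal"]  # breaks as soon as the server is renumbered
    except ValueError:
        pass
    host = host.rstrip(".")
    findings = []
    if host in real_hosts:
        findings.append("real hostname, not an alias")
    if "." not in host:
        findings.append("unqualified name")  # resolves only inside one DNS domain
    return findings


def audit_all(uris, real_hosts=REAL_HOSTS):
    """Map each problematic URI to its findings; clean URIs are omitted."""
    report = {}
    for uri in uris:
        findings = audit_cdp(uri, real_hosts)
        if findings:
            report[uri] = findings
    return report


# Constructed sample CDP values, as they might appear in certificate profiles.
SAMPLE_CDPS = [
    "http://crl.example.com/crls/rootca.crl",
    "http://10.1.2.3/crls/rootca.crl",
    "http://ca01.corp.example.com:8080/crls/rootca.crl",
    "ldap://[2001:db8::5]/cn=RootCA,o=Example?certificateRevocationList",
]

if __name__ == "__main__":
    for uri, findings in audit_all(SAMPLE_CDPS).items():
        print(uri, "->", ", ".join(findings))
```
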

General:

  • Make an effort to create a process that is pleasant for users and administrators. Users will not have good knowledge of PKI, and administrators can quickly be bogged down with work if it takes 15 minutes to issue certificates/smart cards.
  • Don't be scared if you think PKI looks complex. Correctly implemented, using standard features, a PKI is remarkably simple.
  • Think for a minute about your real needs: business, technical and administrative. Try to build a PKI that meets your current needs.
  • Don't try to build a PKI for all possible needs for all time; things will change and so will your PKI. You want to get it running soon, don't you?

Unless stated otherwise Content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License