> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Jensen, Jens (STFC,RAL,SC)
>
> (a) get a certificate for the advertised name and share it across the
> servers
>
> Now (a) is a bad idea; it is against the rules of the CA (sharing keys)
> and what happens if you need to revoke it. So don't do that.

Wait, what? That doesn't seem right - if you've got a thing that's a singular thing (say, a service) that just happens to be implemented by more than one machine under the same administration, then it's not really sharing the key, and if you need to revoke the service's certificate it gets revoked once and equally affects all the machines behind the service, which sounds just fine to me.

What rule is this against, and what does the rule actually say?

Ewan