Failure of Server Hosting Certificate Authority
01 Aug 2001
Q.
Dear Ab-end: NetWare 5.1/eDirectory provides a native Certificate Authority as a built-in feature. But what happens if the server hosting the Certificate Authority goes down? I suspect that all the security in the tree will no longer work and the Certificate Server will need to be reinstalled and reconfigured on all servers--a big hit in a large tree. Is there a better solution without such an impact? -- Stifled with Security in Seattle
A.
Dear Stifled: Don't worry. Even if your NetWare 5.1 Certificate Authority server fails, security will still work. But once you clean up after the bad Certificate Authority and re-install a new Certificate Authority, all the certificates minted by the previous Certificate Authority are theoretically invalidated. Since we perform no CRL checking, this is not really an issue.
However, it would be appropriate to delete all certificates minted by the previous Certificate Authority and re-mint them. The good news is that while you are doing this, the old certificates will still work.
* Originally published in Novell AppNotes
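Since nothing checks revocation, finding the certificates minted by the previous Certificate Authority is a manual inventory job. The sketch below is an added example, not Novell code or part of the original column: it assumes the certificates have already been exported as PEM files and that `openssl` is installed, and the function names and the EXAMPLE-TREE test PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed test PKI, not Novell Certificate Server data.

# Build a throwaway PKI in directory $1: an old CA, a replacement CA with the
# same subject name (constructed so that issuer names alone cannot tell them
# apart), and two server certificates, one minted by each CA.
make_demo_pki() {
    d=$1
    mkdir -p "$d/certs"
    for ca in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/O=EXAMPLE-TREE/OU=Organizational CA" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null
    done
    for pair in srv1:old srv2:new; do
        name=${pair%%:*}; ca=${pair##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/O=EXAMPLE-TREE/CN=$name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -days 30 \
            -CA "$d/$ca-ca.pem" -CAkey "$d/$ca-ca.key" -CAcreateserial \
            -out "$d/certs/$name.pem" 2>/dev/null
    done
}

# Print the file name of every certificate in directory $2 whose signature
# does not chain to the CA certificate $1, i.e. every certificate minted by
# some other (previous) CA and therefore due to be deleted and re-minted.
list_stale_certs() {
    ca=$1; dir=$2
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            basename "$cert"
        fi
    done
}
```

Run `list_stale_certs new-ca.pem exported-certs/` against the replacement CA's certificate; because the check is on the signature rather than the issuer name, it still separates old from new when the reinstalled CA reuses the previous CA's name.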