Using External CA for Installation
You can install two different Hardware Appliances with the same ManagementCA certificate. For this process, the certificate is installed in a smart card. This form of installation requires the following steps:
- Configure the smart card in Firefox.
- Install the first Hardware Appliance and install the SuperAdmin certificate in the smart card.
- Install the second Hardware Appliance with the existing ManagementCA certificate.
These steps cover the following typical use case:
- The ManagementCA is the super-administrator for operating both Hardware Appliances, Node A and Node B.
- In the logical hierarchy, ROOTCA functions as a the root certification authority which signs 3 different subCAs: SignCA, AuthCA, and SSLCA.
Compare the following illustrations:
In many cases ROOTCA is required to be offline, therefore the physical infrastructure shown below differs from the logical hierarchy in the illustration above. In the first Hardware Appliance Node A, the ManagementCA is installed together with the 3 subCAs:
The second Hardware Appliance Node B will host the ROOTCA. This will be offline directly after signing the subCAs: