Question

Probably better to save the client-config directory in the CA rather than server

Connected Tutorial
This question is a follow-up to this tutorial:

Thanks for the amazing tutorial. I was thinking it would be better to save the client-config directory in the CA rather than the server for the following reasons

  • The CA files can be put on a removable drive for high security and used only when necessary
  • no need to copy client.req to CA in order to sign it
  • if server is compromised, then attacker can have access to the private key of client.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer