Max, I agree with the other comments suggesting setup of a separate PKI. With a separate root key and everything else just as production, you will get the most realistic test. E.g. Using a test policy under the production root is IMO both bad practice and a significant deviation between the test and production environment. /Stefan On 09-11-17 10:47 PM, "Massimiliano Pala" <Massimiliano.Pala at Dartmouth.edu> wrote: > So how do you test that the production PKI works exactly as the test > PKI if they are two separate setup ? You just rely on the fact that the > configurations are the same ? Don't you have to assert the production > environment somehow ? > > Thanks for sharing :) > > Cheers, > Max > > > On 11/17/2009 04:28 PM, Ogle Ron wrote: >> I issue certificates for DOCSIS certified Cable Modems. I know that there >> are several different CA software vendors who support these certificates. >> The certs follow a well defined set of extensions and flag definitions. We >> interoperate fairly well. >> >> BTW, for development and testing purposes, DOCSIS defines a separate PKI. >> This way there is no problem with knowing what is test and what is >> production. > > _______________________________________________ > pkix mailing list > pkix at ietf.org > https://www.ietf.org/mailman/listinfo/pkix
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.