pki4ipse-3----Page:7
1 2 3 4 5 6 7 8 9 10
|
“Big” Issues (3) In the case where a certificate/authorization template is defined out of band by the domain operator on both the PKI and VPN Admin, and multiple templates exist on PKI for potentially multiple Admins, then how does the Admin reference the template? Do we need to create a template/group identifier that both PKI and Admin will know about? Would this require changes in CMC, or does it have something we can use? What if attributes or their contents sent by Admin in certificate/authorization template conflict with the CA's policy? |