Hacker News new | past | comments | ask | show | jobs | submit login

Is primary/subkey idea the same thing as private CA (conceptually)?



It's the same thing of root/intermediate TLS certificates. You basically store the root in the safe and keep the intermediate online, so you can use it sign stuff (eg: generate certificates for customers' domains). If the intermediate is compromised, you revoke it, get the root and generate a new intermediate.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: