PKI System Access Policy
To secure the PKI system, its components are placed in separate network zones, and firewall access policies are added so that only the services that actually need to reach the system can do so.
At the top level, the deployment is divided into 3 intranet zones plus an external network zone:
1. KMC zone (intranet)
a) KMC server
b) KMC database
c) Encryption machine
2. CA zone (intranet)
a) Root CA server
b) Second-level CA server
c) CA database server
d) Primary LDAP
3. RA zone (intranet)
a) RA server
b) RA database
c) Intranet user management terminal (IE)
d) SSL security authentication gateway
e) SVS signature verification server
4. External network
a) External-network RA
b) External-network RA database
c) Secondary LDAP
d) External-network user access terminal (IE)
Access Policy
The CA zone may initiate access to the KMC zone to obtain key pairs.
The CA zone may initiate access to the primary LDAP to push the CRL in real time.
The intranet primary LDAP may initiate access to the extranet secondary LDAP to push the CRL in real time.
The internal and external RAs may initiate access to the CA to submit user information.
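The four allow statements above, modelled as a default-deny policy in which only the named side may open a connection (the reverse direction is never allowed to initiate), with an nftables rendering of the result. This is an added example, not part of the original document; the host names, addresses and ports are assumed placeholders.

```python
# Added example (not from the original page): a model of the zone access policy
# above. Every flow is denied unless listed, and only the named initiator may
# open the connection. Host names, addresses and ports are assumed placeholders.

# Component -> (zone, address). Roles and zones follow the page; addresses are assumed.
COMPONENTS = {
    "kmc-server":     ("KMC", "10.0.1.10"),
    "ca-server":      ("CA",  "10.0.2.10"),
    "primary-ldap":   ("CA",  "10.0.2.20"),
    "internal-ra":    ("RA",  "10.0.3.10"),
    "external-ra":    ("EXT", "192.0.2.10"),
    "secondary-ldap": ("EXT", "192.0.2.20"),
}

# (initiator, responder, tcp port, purpose): the four allow statements of the
# policy. Ports are assumed: 389 for LDAP, 443 for the CA/KMC/RA services.
ALLOW = [
    ("ca-server",    "kmc-server",     443, "CA obtains key pairs from KMC"),
    ("ca-server",    "primary-ldap",   389, "CA pushes CRL to primary LDAP"),
    ("primary-ldap", "secondary-ldap", 389, "primary LDAP pushes CRL to extranet LDAP"),
    ("internal-ra",  "ca-server",      443, "internal RA submits user information"),
    ("external-ra",  "ca-server",      443, "external RA submits user information"),
]

def is_allowed(initiator, responder, port):
    """Default deny: True only for a listed flow, in the listed direction."""
    return any(i == initiator and r == responder and p == port
               for i, r, p, _ in ALLOW)

def policy_violations():
    """Invariants to check before deploying: the key store is never reachable
    from the external network and never opens connections itself."""
    problems = []
    for init, resp, _, _ in ALLOW:
        if COMPONENTS[init][0] == "EXT" and COMPONENTS[resp][0] == "KMC":
            problems.append(f"{init} may reach KMC directly")
        if COMPONENTS[init][0] == "KMC":
            problems.append(f"KMC host {init} initiates outbound connections")
    return problems

def render_nftables():
    """Render the policy as an nftables forward chain: replies to accepted
    connections pass, the listed new connections pass, everything else drops."""
    lines = ["table inet pki {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for init, resp, port, why in ALLOW:
        lines.append(f"    ip saddr {COMPONENTS[init][1]} ip daddr {COMPONENTS[resp][1]}"
                     f" tcp dport {port} ct state new accept comment \"{why}\"")
    lines += ["  }", "}"]
    return "\n".join(lines)
```

render_nftables() returns the ruleset text; policy_violations() should return an empty list before the ruleset is loaded.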