CA Hierarchy Design
Firstly, what is a certificate authority (CA)? Why does a certificate need an authority? Why can’t I just keep issuing self-signed certificates? The answers to these questions can often be quickly explained, especially to the uninformed by the well informed.However, what is often neglected is policy, in particular, the Policy Authority, the very basis of your PKI, the actual security document or group of people, or both that dictate what it means when your business signs and issues a certificate.
Building a certificate hierarchy is dependent on which particular security policies are required for your organization. Also, you have to consider your geographical and administrative requirements. The legal requirements of different countries may also play a part in your policies.
Questions therefore, regarding a single CA, Subordinate CA, Cross-Certification, Bridge CAs and the number of tiers in a CA hierarchy - and much more. All of this has to be developed by the appropriate stakeholders and technology staff in any given business and this of course is where we are very well placed to help.
This is an area where we excel; we have acted as intermediaries between stakeholders and technology staff in many businesses and have developed successful synergies as a result. This has facilitated the correct design and placement of the most appropriate certificate authority design for each business, coupled with the appropriate number of issuing CAs and load-balancing etc.