

Root Certificates

CA ITCM uses trusted root certificates to validate the certificates used for authentication. Multiple root certificates can be used in parallel to allow management of distinct authority chains or to help migrate from one certificate chain to a new chain.

For two nodes to communicate and then authenticate successfully, the authenticator node (responder) requires access to the root certificate that signed the certificate of the authenticating party (initiator). If the certificate is not available, not recognized, or otherwise invalid, the authentication fails. During a planned certificate migration, the authenticator can be updated with one or more trusted root certificates to allow phased migration of clients. Initiators with different versions of certificates still authenticate successfully as long as their certificates are signed by root certificates that the responder trusts.
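
The phased migration described above, shown with generic openssl commands as an added example (this is not CA ITCM tooling or configuration). The root and agent names are constructed, and the three trust files stand in for the responder's set of trusted roots before, during and after the migration.

```bash
#!/usr/bin/env bash
# Constructed demo: two roots (old and new chain) and one initiator certificate per root.
# All names and files are made up for illustration; generic openssl, not ITCM tooling.
set -u
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

make_root() {        # $1 = root name; creates a self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_initiator() {   # $1 = initiator name, $2 = name of the root that signs it
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 30 -CA "$WORK/$2.pem" \
    -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# Responder-side check: does the initiator certificate chain to a trusted root?
# $1 = file holding the responder's trusted roots (concatenated PEM), $2 = initiator name
responder_accepts() {
  openssl verify -CAfile "$1" "$WORK/$2.pem" >/dev/null 2>&1
}

make_root old-root
make_root new-root
make_initiator agent-old old-root    # client not yet migrated
make_initiator agent-new new-root    # client already migrated

# Responder trust sets at each stage of the migration
cp "$WORK/old-root.pem" "$WORK/trust-before.pem"
cat "$WORK/old-root.pem" "$WORK/new-root.pem" > "$WORK/trust-during.pem"
cp "$WORK/new-root.pem" "$WORK/trust-after.pem"

phase_result() {     # $1 = before | during | after
  local out="" name
  for name in agent-old agent-new; do
    if responder_accepts "$WORK/trust-$1.pem" "$name"; then
      out="$out $name=accept"
    else
      out="$out $name=reject"
    fi
  done
  echo "${out# }"
}

for phase in before during after; do
  echo "$phase: $(phase_result "$phase")"
done
```

Only the "during" trust set accepts both initiators, which is why the responder is given the new root before clients are re-issued and keeps the old root until the last client has moved.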