As students in my PKI training classes know, one of the areas I am a vocal about is the blind use of the CRLF_REVCHECK_IGNORE_OFFLINE setting in a PKI environment. I am so adamantly against the use of this setting, I personally refuse to ever explicitlyRead More
In a previous post, I discussed the configuration and isolation of true offline Certificate Authorities. There I made reference to the fact that an offline CA is one that never sees the light of day, figuratively that is. The CA should be air-gaped from the network,Read More
This post started as recommended maintenance and updates for offline CAs, and it became clear I should make this a two part post. So today I am covering what an Offline CA really means, and tomorrow I will cover recommendations for maintaining one of them.