Topology Decisions
Figure 4-1 shows the relationships among a single Certificate Manager, end
entities, and a publishing directory. The Certificate Manager can publish both
end-entity certificates and CRLs to a directory.
Certificate Manager
Figure 4-1
Single root
Certificate Manager and Registration Manager
Many organizations need to separate the role of the Registration Manager from the
role of the Certificate Manager. This separation can be useful, for example, if
different groups of end entities are subject to different authentication policies or
work in different geographic locations.
Chapter 4
Planning Your Deployment
163