Recommended setup of Certificate Manager
The various server components of Smart ID Certificate Manager (CM) may be configured in a number of ways. Only configurations that have been verified during system testing are described in this article.
In a configuration without distributed Certificate Factory (CF) functions, all the required subsystems are located in the computer named CF. Since the Key Generation System (KGS) is a stand-alone system it has been excluded in the sample configurations.
See also High availability architecture for Certificate Manager.
Example 1: Minimum production configuration
This configuration is recommended for evaluation tests.
In addition to being a typical test environment, this configuration can also be used for a production environment.
Example 2: Alternative production configuration
This configuration shows an alternative of a production environment.
A separate CIS can be used if CA policy requires separation of functions.
Example 3: Distributed production configuration
In the distributed environment, the CF server components may be loaded into various computers in order to provide higher performance. The optimal grouping of the server components is indicated in the figure.
- CIS (Certificate Issuing System)
- KAR (Key Archiving and Recovery)
- CILF (Certificate Issuing List Factory)
- CRLF (Certificate Revocation List Factory)
- Monitor (SNMP monitor, Simple Network Management Protocol)