|Applies To||Keon Certificate Authority|
Offline CA and Online CA are hosted on separate KCA installations.
|Issue||How to revoke Online CA from Offline CA on separate KCA installations.|
|Cause||When an Offline Certificate Authority is used to sign an Online Certificate Authority, it does not keep a record, or local reference, of the Online CA. For this reason it is not possible for the Offline CA to revoke the Online CA and issue a Certificate Revocation List with the revoked Online CA signer in it. This is true for all versions of KCA up to and including 5.7.|
|Resolution||This is not possible in KCA. A Request For Enhancement has been raised for this issue under number tst00021481.|
Note: this is true only where the Online and Offline CA's are held on separate KCA installations. The Offline CA is quite capable of revoking an Online CA and issuing a correct Certificate Revocation List when both CAs are on the same KCA installation.
|Legacy Article ID||a4968|