KRA Separation of Duties in Certificate System
Issue
Is there a way to configure the DRM such that there is two person/agent approval necessary for key recovery and to split the PKCS#12 password generating and PKCS#12 download functions? In other words:
1. Approving agent 1 initiates a key recovery.
2. Approving agent 1 sets the password for the PKCS#12 (and grants recovery).
3. Approving agent 2 grants recover and downloads the PKCS#12.
Environment
Red Hat Certificate System 8.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.