| CPC H04L 9/3265 (2013.01) [H04L 9/3268 (2013.01)] | 19 Claims |

1. A method of managing, in a computing network, certificates issued by certificate authorities, the method comprising automatically:
establishing or ascertaining a first certificate chain which comprises a first binding between a first certificate issued by a first certificate authority and an identity in the computing network, such that the first certificate authority is specified in the first certificate, and the first certificate belongs to a first certificate chain;
establishing or ascertaining a second certificate chain which comprises a second binding between a second certificate issued by a second certificate authority and the identity, such that the first binding and the second binding coexist in the computing network, the second certificate authority is specified in the second certificate, the second certificate belongs to a second certificate chain, and the first certificate chain and the second certificate chain are independent from one another in that: the certificate chains do not share any root certificate with each other, and the certificate chains do not share any intermediate certificate authority certificate with each other;
selecting between the first certificate and the second certificate;
serving the selected certificate;
wherein the first certificate and the second certificate are issued by at least two certificate servers in an active-active certificate server configuration; and
wherein during at least two time periods of no more than five minutes in duration, the time periods being separated by at least ten minutes and no more than thirty minutes, the active-active certificate server configuration serves the first certificate in multiple instances interleaved with multiple instances of serving the second certificate.
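An added illustration, not part of the patent text: a Python check that audits the two properties the claim recites, chain independence and the interleaved-serving timing. The chain tuples, placeholder fingerprints and serving log are constructed sample data. Reading "interleaved" as each certificate served at least twice with at least two switches, and measuring separation from the end of one period to the start of the next, are assumptions of this example.

```python
WINDOW, GAP_MIN, GAP_MAX = 300, 600, 1800  # seconds: 5, 10 and 30 minutes

# Constructed sample chains as (role, fingerprint) pairs; fingerprints are placeholders.
CHAIN_A = [("leaf", "fp-leaf-a"), ("intermediate", "fp-int-a"), ("root", "fp-root-a")]
CHAIN_B = [("leaf", "fp-leaf-b"), ("intermediate", "fp-int-b"), ("root", "fp-root-b")]
CHAIN_C = [("leaf", "fp-leaf-c"), ("intermediate", "fp-int-c"), ("root", "fp-root-a")]

# Constructed, time-ordered serving log: (seconds since start, certificate served).
LOG = [(0, "first"), (20, "second"), (45, "first"), (70, "second"),
       (1000, "first"), (1030, "second"), (1050, "second"), (1080, "first"),
       (1100, "second")]

def ca_fingerprints(chain):
    """Fingerprints of the root and intermediate CA certificates in a chain."""
    return {fp for role, fp in chain if role in ("root", "intermediate")}

def shared_ca_certs(chain_a, chain_b):
    """CA certificates present in both chains; empty means independent."""
    return ca_fingerprints(chain_a) & ca_fingerprints(chain_b)

def is_interleaved(labels):
    """Assumed reading: each certificate served >= 2 times, with >= 2 switches."""
    switches = sum(1 for x, y in zip(labels, labels[1:]) if x != y)
    return all(labels.count(c) >= 2 for c in ("first", "second")) and switches >= 2

def interleaved_windows(log):
    """Shortest qualifying period (start, end) of at most WINDOW seconds per start event."""
    found = []
    for i, (start, _) in enumerate(log):
        labels = []
        for t, cert in log[i:]:
            if t - start > WINDOW:
                break
            labels.append(cert)
            if is_interleaved(labels):
                found.append((start, t))
                break
    return found

def meets_timing(log):
    """True if two qualifying periods lie GAP_MIN..GAP_MAX seconds apart (end to start)."""
    wins = interleaved_windows(log)
    return any(GAP_MIN <= s2 - e1 <= GAP_MAX for _, e1 in wins for s2, _ in wins)

if __name__ == "__main__":
    print("A/B shared CA certs:", shared_ca_certs(CHAIN_A, CHAIN_B))
    print("A/C shared CA certs:", shared_ca_certs(CHAIN_A, CHAIN_C))
    print("timing condition met:", meets_timing(LOG))
```
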