The first question would be whether the role of the application that needs to communicate with many vendors is that of a server or of a client. If it is a server and treats all the vendors the same (according to the defined policies), then one keyring with one server chain is sufficient.
If different vendors are treated differently, different server cert chains are needed. A single keyring can still be used if different cert labels are used for different vendors, otherwise you need to have individual keyring for each vendor.
If it plays the role of a client, a keyring with all the vendors' CA certificates or a CERTAUTH virtual keyring can work.
------------------------------
Wai Choi
------------------------------
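As an added illustration of the layouts described in the reply above (this is example configuration written for this thread, not the original poster's or IBM's own), the following pagent AT-TLS policy fragment shows the client case, where one keyring carries only the vendors' CA certificates (or the CERTAUTH virtual keyring `*AUTH*/*` is used instead), beside the server case, where a single keyring holds several server chains and the certificate label selected per environment decides which chain a given vendor sees. Ring name, owning user ID, certificate labels, addresses and ports are constructed placeholders.

```text
# Added example for this thread; ring names, labels, addresses and ports
# are constructed placeholders, not values from the original post.

# --- Client role: one shared ring holding only the vendors' CA certificates.
# The ring would be created with RACDCERT ID(FTPUSER) ADDRING(FTPRING) and
# each vendor CA connected to it with USAGE(CERTAUTH); a plain client needs
# no PERSONAL certificate of its own.
TTLSRule                        VendorA-Outbound
{
  # constructed vendor address and FTP control port
  RemoteAddr                    192.0.2.10
  RemotePortRange               21
  Direction                     Outbound
  TTLSGroupActionRef            grpFTP
  TTLSEnvironmentActionRef      envClientShared
}

TTLSGroupAction                 grpFTP
{
  TTLSEnabled                   On
}

TTLSEnvironmentAction           envClientShared
{
  HandshakeRole                 Client
  TTLSKeyringParms
  {
    # real keyring named as owner/ringname, containing all vendor CA certs
    Keyring                     FTPUSER/FTPRING
    # alternative: the CERTAUTH virtual keyring, which exposes every CA
    # certificate defined in RACF without maintaining a ring by hand
    # Keyring                   *AUTH*/*
  }
}

# --- Server role, vendors treated differently: one ring, several labels.
# The same ring also holds several PERSONAL certificates; the label named in
# the environment picks which server chain is presented to that vendor.
TTLSRule                        VendorB-Inbound
{
  # constructed vendor address range
  RemoteAddr                    198.51.100.0/24
  LocalPortRange                21
  Direction                     Inbound
  TTLSGroupActionRef            grpFTP
  TTLSEnvironmentActionRef      envServerVendorB
}

TTLSEnvironmentAction           envServerVendorB
{
  HandshakeRole                 Server
  TTLSKeyringParms
  {
    Keyring                     FTPUSER/FTPRING
  }
  TTLSEnvironmentAdvancedParms
  {
    # constructed label; must match a certificate CONNECTed to FTPRING
    # with USAGE(PERSONAL), otherwise the handshake fails
    CertificateLabel            FTP-SERVER-VENDORB
  }
}
```

The security point of the split is visible in the keyring contents: the client-side ring contains nothing but trust anchors, so whoever can read it gains no private key, while the server-side ring holds private keys and therefore warrants tighter RACF access control and a separate environment per label so that one vendor's chain is never presented to another.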
Original Message:
Sent: Tue January 28, 2025 03:44 PM
From: Christian Gonzalez
Subject: Keyring and Certificate management.
We are currently in the process of implementing AT-TLS via pagent policies, and as more vendor sites are requiring secure connections, we are now accumulating a number of their certificates. Given this, we are looking to understand the best practices for storing these certificates. Specifically, should each vendor have its own keyring to manage their certificates independently, or is it advisable to consolidate all vendor certificates under a single 'FTP' keyring? Additionally, are there any security or management implications associated with either approach that we should consider?
------------------------------
Christian Gonzalez
------------------------------