I would like to know if an external key store could be on the same CA Directory
instance as the Policy Store.
I am planning on using different trees and different bind users.
The Key and Policy Store and can be on the same CA Directory instance,
as long as they use the tree defined by default and having both being accessed with
the same "bind" user.
The product hasn't been concieved to have both on the same instance with different
trees and different users.
But in order to get that configuration possibility out of the box and fully
supported, please submit an Idea for CA Single Sign-On :