
Certification Authority

Certification Authority. MIEIC – Segurança de Sistemas Informáticos. João Brito – ei07052, João Coelho – ei07118. Contents: theoretical introduction, state of the art, technologies review, use case scenarios. Problem: how to deploy a Certificate Authority for the University of Porto?

irina

Presentation Transcript


  1. Certification Authority • MIEIC – Segurança de Sistemas Informáticos • João Brito – ei07052 • João Coelho – ei07118

  2. Contents • Theoretical introduction • State of the art • Technologies review • Use case scenarios

  3. Problem • How to deploy a Certificate Authority for the University of Porto? • How to provide trusted digital certificates? • How to maintain a CRL?

  4. Theoretical Introduction

  5. What is a CA?

  6. Goals • Ensure: • Information integrity • User authentication • Non-repudiation of electronic data

  7. State of the art: Technologies • OpenCA: Apache, PHP, Perl • PHPki: Apache, PHP • EJBCA: Java Application Server (JBoss), Apache Ant (required to install)

  8. Solution • Deployment of a CA based on the EJBCA architecture.

  9. Functionalities • Administration: CA creation and activation; manage entities; profile management • Public Area: certificate acquisition; certificate revocation check

  10. Deployment • EJBCA deployment • Apache Ant – configure and install EJBCA • JBoss Application Server – application server that will provide the CA service • Administrators should install the SuperAdmin certificate to access the following URL: • https://localhost:8443/ejbca/adminweb

  11. User configuration • User information to certify: • Name • Address • Phone number • Email • User details must be verified with user personal documents • Citizen card • Email/SMS secret key

  12. Certificates • Browser certificates • Authenticate users on faculty’s services.

  13. Certificates • SSL/SSH Certification

  14. Other applications • Certificate Signing Requests • User uploads his public keys; • CA retrieves certificate; • Base64 encoding • PEM format • Specific software needed • OpenSSL

  15. Certificate applications • Signing information is not a functionality of this application. • Document signing has to be done at client side. • Examples: • Import certificate to Thunderbird • Use with OpenSSH

  16. Signature Validation • User list certificates • Entering certificate properties: • Issuer DN • Certificate serial number

  17. Key expiration • Certificate’s validity date should not go beyond graduation year. • Key generation could be performed by CICA’s. • An alternative is submission of a new key generated by the user and the CA should return a new digital certificate.

  18. Revocation Lists • The list update rate is defined by the system administrator. • Should be frequently updated. • Can be obtained by anyone on the public EJBCA web page

  19. Considerations • Must be provided: • Web page documentation for the user: • Certificate creation guides • Certificate revocation guides • Certification documentation: • Step-by-step user guide for common certification software • For example OpenPGP, OpenSSL, etc.

  20. Thank you! Questions?
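
The CSR flow from slide 14 and the validity cap from slide 17, run end to end with OpenSSL as an added example that is not part of the original presentation. A throwaway local CA stands in for EJBCA, and the subject names, serial number 4097 and 365-day lifetime are constructed values.

```shell
#!/bin/sh
# Added example. All names, the serial and the lifetime are constructed values;
# the throwaway CA below only stands in for the EJBCA instance.

make_ca() {    # $1 = work dir: self-signed test CA
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -subj "/O=Example University/CN=Example Test CA" -days 30 \
        -out "$1/ca.crt" 2>/dev/null
}

# Client side: the key pair is generated locally; only the CSR is uploaded.
make_csr() {   # $1 = work dir, $2 = subject DN
    openssl genrsa -out "$1/user.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/user.key" -subj "$2" -out "$1/user.csr"
}

# CA side: accept only a PEM CSR whose self-signature verifies, i.e. the
# requester holds the private key matching the submitted public key.
check_csr() {  # $1 = CSR file
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE REQUEST-----' &&
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# CA side: sign with an explicit serial and a capped lifetime in days.
issue_cert() { # $1 = work dir, $2 = validity in days
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial 4097 -days "$2" -out "$1/user.crt" 2>/dev/null
}

demo() {       # full round trip; prints the issued serial (hex)
    d=$(mktemp -d) || return 1
    make_ca "$d" && make_csr "$d" "/O=Example University/CN=Test Student" &&
        check_csr "$d/user.csr" && issue_cert "$d" 365 &&
        openssl verify -CAfile "$d/ca.crt" "$d/user.crt" >/dev/null &&
        openssl x509 -in "$d/user.crt" -noout -serial
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

The serial printed at the end, together with the issuer DN, is the pair slide 16 uses to identify a certificate when checking it.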
