405b2dea05d7390543dcad35d50181b3.ppt
- Number of slides: 17
PKI Administration Using EJBCA and OpenCA. Presented By: Ayesha Ghori and Asra Parveen
PKI: Public Key Infrastructure A trusted third Party. Secured communication. Provides digital certificates that can identify an individual or an organization. Stores and revokes Certificates. Provides services like Encryption, digital Signatures, data integrity, key establishment, zero knowledge/minimum knowledge protocols.
PKI Components Certificate Authority: A CA issues certificates to, and vouches for the authenticity of entities. Registration Authority: An RA is an administrative function that registers entities in the PKI. End entity: An end-entity is a user, such as an e-mail client, a web server, a web browser or a VPN-gateway.
PKI HIERARCHY GMU CA TOP CA GMU MANASSAS CA SUBCA GMU FAIRFAX CA SUBCA GMU Fairfax RA Administrator GMU PW CAMPUS CA SUBCA GMU PW CA Administrator GMU Manassas CA Administrator GMU Fairfax CA Administrator RA INSTANCE GMU FAIRFAX Super Administrator RA INSTANCE GMU MANASSAS GMU Manassas RA Administrator RA INSTANCE GMU PW CAMPUS GMU PW RA Administrator
EJBCA and OpenCA. Software Requirements of EJBCA: Java JDK 1.5 – Java 2 Platform Standard Development Kit. Apache Ant – Java Build Utility, used to compile and build Java programs. JBoss 4.0.5 – J2EE Application Server. EJBCA download. Software Requirements of OpenCA: OpenLDAP. OpenSSL. Apache Project. Apache mod_ssl.
EJBCA is a fully functional Certificate Authority built in Java. Based on J2EE technology. Robust, high performance, component based CA. Flexible and platform independent. EJBCA can be used as standalone or integrated in any J2EE application.
EJBCA: Architecture
EJBCA Administration: Create and Initialize the Super Administrator; Creating and Configuring data sources; Creating Publishers; Creating Certificate Authorities; Creating Registration Authorities; Creating End Entities; Creating CRLs; Generating Certificates.
The EJBCA Super Admin Certificate
OpenCA: Linux based. Provides the choice of algorithms: des, des3, idea. Extensions Provided: SKI and AKI. In addition to the PKI components of EJBCA, OpenCA also has a Registration Authority Operator.
OpenCA: Architecture
OpenCA Administration: Initializing the Certification Authority; Create the initial administrator; Create the initial RA Certificate; Submit a Certificate Request; Approve the Certificate; Issue the Certificate; Importing the Root Certificate.
User Certificate
Comparison. Parameters: Ease of Configuration; Confidentiality; Integrity; Authentication. EJBCA: Very Complex; Offers Confidentiality using encryption; Offers Integrity by encryption; Offers Authentication by Digital Signature. OpenCA: Complex; Offers Confidentiality using encryption; Offers Integrity by encryption; Offers Authentication by Digital Signature.
Ability to choose the algorithm to use OCSP Yes Yes Ability to choose Yes CSP CRL updates Automatic No Manual Cost Free Extensions Yes LDAP Support Yes Support for smart cards Yes No
Platform Certificate Repositories Modules Components based Standalone Component Supported Browsers Scalability Java J2EE HSQL Perl CGI on Unix MySQL EJB Perl Modules Yes Present Not Present Multiple Good Bad
Conclusion: EJBCA is the simplest to use. Complexity during installation. Provides for automatic CRL updates. OpenCA is the best for Linux users. Manual revocations. Both can be used by various clients.
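The top CA / sub CA hierarchy and the request, issue and revoke steps from the slides, walked through with plain OpenSSL (listed above as an OpenCA requirement). This is an added example, not taken from the slides, and it does not use EJBCA's or OpenCA's own interfaces; the function name, subject names and file names are constructed for the demo.

```shell
# Constructed demo (all names made up): top CA -> sub CA -> end entity, then CRL revocation.
pki_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[sub]
database = index.txt
serial = serial
new_certs_dir = .
certificate = sub.crt
private_key = sub.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  touch index.txt; echo 01 > serial
  {
    # Top CA: self-signed certificate marked as a CA
    openssl req -config ca.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout top.key -out top.crt -days 30 -subj "/CN=Demo Top CA"
    # Sub CA: its request is signed by the top CA
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout sub.key \
      -out sub.csr -subj "/CN=Demo Sub CA"
    openssl x509 -req -in sub.csr -CA top.crt -CAkey top.key -CAcreateserial \
      -extfile ca.cnf -extensions v3_ca -days 30 -out sub.crt
    # End entity: submit a request, the sub CA issues the certificate
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout ee.key \
      -out ee.csr -subj "/CN=www.example.test"
    openssl ca -config ca.cnf -name sub -batch -notext -in ee.csr -out ee.crt
  } >/dev/null 2>&1
  chain="-CAfile top.crt -untrusted sub.crt"
  openssl verify $chain ee.crt >/dev/null 2>&1 && before=valid || before=invalid
  # Revoke the certificate, then publish a fresh CRL (the "CRL update" step)
  openssl ca -config ca.cnf -name sub -revoke ee.crt >/dev/null 2>&1
  openssl ca -config ca.cnf -name sub -gencrl -out sub.crl >/dev/null 2>&1
  if openssl verify -crl_check -CRLfile sub.crl $chain ee.crt 2>&1 | grep -q revoked
  then after=revoked; else after=not-revoked; fi
  echo "before=$before after=$after"
)
pki_demo
```

A relying party only sees the revocation once it has the new CRL, which is why the automatic versus manual CRL update row in the comparison matters operationally.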