IST-2006-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America Review Installation Openca ULAGrid Certification Authority Vanessa.

Review Installation OpenCA, ULAGrid Certification Authority
Vanessa Hamar, Universidad de Los Andes, Mérida, Venezuela
5th F2F, Banff, 17/07/2007

Overview
CA (offline)
– Requirements
– Web Server Installation
– Database Installation
– CA Installation
– CA Configuration
RA (online)
– Requirements
– RA Installation
– RA Configuration
Dataexchange
Tips

CA

Introduction
The installation was done using:
– OpenCA
– Debian stable (built from jigdo)
– Linux ra #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux

Requirements
Packages: gcc, g++, perl
– Perl modules: libcgi-session-perl libxml-parser-perl libauthen-sasl-perl libconvert-asn1-perl libdigest-hmac-perl libdigest-sha1-perl libintl-perl libio-socket-ssl-perl libio-stringy-perl libmime-lite-perl libmime-perl libmailtools-perl libnet-server-perl libnet-ldap-perl libparse-recdescent-perl libx500-dn-perl libxml-twig-perl libdbd-pg-perl libdbi-perl libpg-perl

Web Server Installation
apache2
– libssl-dev
– a2dismod userdir cgid
– a2dismod cgid
– a2enmod cgi
– a2enmod ssl
– a2ensite default-443
Configuration
Make a directory to put your certificates in, for example /etc/apache2/ssl.
Create your certificate:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Edit /etc/apache2/ports.conf:
Listen 80
Listen 443

Web Server Installation
Edit /etc/apache2/sites-available/default:
NameVirtualHost *:80
Copy the configuration file:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-443
Edit /etc/apache2/sites-available/default-443 and add:
NameVirtualHost *:443
…
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLOptions +StdEnvVars
Make a link and restart:
ln -s /etc/apache2/sites-available/default-443 /etc/apache2/sites-enabled/000-default-443
/etc/init.d/apache2 restart

Database installation
Add the openca user and group:
ca:~# groupadd -g 1555 openca
ca:~# useradd -u <uid> -g openca -m -s /bin/bash -c "OpenCA user" openca
Install postgresql:
ca:~# apt-get install postgresql
Create the user:
ca:~# su - postgres
createuser -A -d -P -E openca
Enter password for new user:
Enter it again:
CREATE USER
Create the database using the openca user:
ca:~# su - openca
createdb -E utf8 -O openca -W openca
Password:
CREATE DATABASE
exit
logout

CA installation
Download the source and make the installation:
ca:/usr/local/src# tar xvzf openca-<version>.tar.gz
ca:/usr/local/src# cd OpenCA-<version>/
Configure:
ca:/usr/local/src/OpenCA-<version># ./configure --with-openca-user=openca --with-openca-group=openca \
  --with-web-host=ra.cecalc.ula.ve --with-httpd-user=www-data --with-httpd-group=www-data \
  --with-cgi-fs-prefix=/usr/lib/cgi-bin --with-htdocs-fs-prefix=/var/www \
  --with-openca-prefix=/usr/local/openca/ca --with-etc-prefix=/usr/local/openca/ca/etc \
  --with-module-prefix=/usr/local/openca/ca/modules --disable-external-modules \
  --enable-dbi --enable-rbac
ca:/usr/local/src/OpenCA-<version># make
ca:/usr/local/src/OpenCA-<version># make install-common
ca:/usr/local/src/OpenCA-<version># make install-offline

CA configuration
Edit config.xml and change the values:
ca:/usr/local/openca/ca/etc# cp config.xml config.xml.orig
ca:/usr/local/openca/ca/etc# vi config.xml
ca:/usr/local/openca/ca/etc# diff -Naur config.xml.orig config.xml
The diff shows the options that were changed (the comment lines belong to config.xml itself):
– ca_organization: CeCalCULA
– ca_locality: Universidad de Los Andes
– ca_country: VE (this country code is ALWAYS two characters long)
– sendmail
– service_mail_account
– policy_link

OpenCA configuration
Below the 'dataexchange configuration' line in config.xml (the same section exists in the RA's config.xml), change the device entries:
– dataexchange_device_up: replace /dev/fd0 by /usr/local/openca/ca/var/tmp/ca-up
– dataexchange_device_down: replace /dev/fd0 by /usr/local/openca/ca/var/tmp/ca-down
– dataexchange_device_local: replace /dev/fd0 by /usr/local/openca/ca/var/tmp/ra-local
Create the empty files for dataexchange:
– touch $OPENCA_HOME/ca/var/tmp/ca-up
– touch $OPENCA_HOME/ca/var/tmp/ca-down
– touch $OPENCA_HOME/ca/var/tmp/ra-local
– chown www-data:www-data $OPENCA_HOME/ca/var/tmp/*

CA configuration
Edit ca.conf.template:
ca:/usr/local/openca/ca/etc/servers# vi ca.conf.template
ca:/usr/local/openca/ca/etc/servers# diff -Naur ca.conf.template.orig ca.conf.template
--- ca.conf.template.orig
+++ ca.conf.template
 SET_REQUEST_SERIAL_IN_DN "N"
 REQUEST_SERIAL_NAME "sn"
-SET_CERTIFICATE_SERIAL_IN_DN "Y"
+SET_CERTIFICATE_SERIAL_IN_DN "N"
 CERTIFICATE_SERIAL_NAME "serialNumber"
 DN_WITHOUT_ "Y"

CA configuration
Edit the loa.xml files to make sure CPS.1 points to the correct CPS location:
– sed -i 's|<old CPS URL>|<new CPS URL>|g' /usr/local/openca/openca/etc/loa.xml
Change the CPS number.

CA configuration
Change the password for the root login. First compute the digest of the new password:
/usr/local/openca/ca/bin/openca-digest sha1 'mypasswd'
cd /usr/local/openca/openca/etc/access_control
grep -li '<current digest>' *.template
For each match in the templates do:
sed -i 's|<current digest>|<new digest>|g' /usr/local/openca/openca/etc/access_control/xxx.template

CA configuration
Edit the files /usr/local/openca/ra/etc/openssl/extfiles/* using the profile definitions in your CP/CPS. For example, /usr/local/openca/ca/etc/openssl/extfiles/User.ext.template:
– nsCertType = objsign
– nsCertType = client,
– keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
– extendedKeyUsage = clientAuth, emailProtection, timeStamping,
– nsComment = "Grid Venezuela Certificate. For information go to <URL>"

CA configuration
Configure and start the service:
$OPENCA_HOME/ca/etc/configure_etc.sh
cp $OPENCA_HOME/ca/etc/openca_rc /etc/init.d/
/etc/init.d/openca_rc start

CA Initialization
Go to the CA web interface and follow the links: General Initialization, Phase I (Initialize the Certification Authority):
– Initialize Database
– Generate new CA secret key
– Generate new CA Certificate Request (use generated secret key)
– Self Signed CA Certificate (from already generated request; accept defaults)
– Rebuild CA Chain

CA Initialization
General Initialization, Phase II (Create the initial administrator):
– Create a new request (fill in the form and generate the CSR for the CA Administrator)
– Edit the request (optional)
– Issue the certificate
– Handle the certificate: Certificate and Keypair, PKCS#12, click Download
– Import into the browser; restart the browser

CA Initialization
General Initialization, Phase III (Create the initial RA certificate):
– Create a new request (fill in the form, change Role to RA Operator, generate the CSR for the RA Operator)
– Edit the request
– Issue the certificate
– Handle the certificate: Download
– Import into the browser

RA

RA installation
Follow the same steps to install the operating system, apache2, postgresql and the requirements. Install openssh, and close the ports that you don't want to use.

RA installation
Install OpenCA:
./configure --with-openca-user=openca --with-openca-group=openca \
  --with-web-host=ra.cecalc.ula.ve --with-httpd-user=www-data --with-httpd-group=www-data \
  --with-cgi-fs-prefix=/usr/lib/cgi-bin --with-htdocs-fs-prefix=/var/www \
  --with-openca-prefix=/usr/local/openca/ra --with-etc-prefix=/usr/local/openca/ra/etc \
  --with-module-prefix=/usr/local/openca/ra/modules --disable-external-modules \
  --enable-dbi --enable-rbac
make
make install-common
make install-online

RA Configuration
ra:/usr/local/src/OpenCA$ cd /usr/local/openca/ra/etc
ra:/usr/local/openca/ra/etc$ cp config.xml config.xml.orig
ra:/usr/local/openca/ra/etc$ vi config.xml
ra:/usr/local/openca/ra/etc$ diff -Nuar config.xml.orig config.xml
The diff shows the options that were changed (the comment lines belong to config.xml itself):
– ca_organization: CeCalCULA
– ca_locality: Universidad de Los Andes
– ca_country: VE (this country code is ALWAYS two characters long)
– sendmail
– service_mail_account
– policy_link

RA Configuration
– cd servers
– ra$ cp ra.conf.template ra.conf.template.orig
– ra$ vi ra.conf.template
– ra$ diff -Naur ra.conf.template.orig ra.conf.template
--- ra.conf.template.orig
+++ ra.conf.template
 SET_REQUEST_SERIAL_IN_DN "N"
 REQUEST_SERIAL_NAME "sn"
-SET_CERTIFICATE_SERIAL_IN_DN "Y"
+SET_CERTIFICATE_SERIAL_IN_DN "N"
 CERTIFICATE_SERIAL_NAME "serialNumber"
 DN_WITHOUT_ "YES"

RA Configuration
Edit the loa.xml files to make sure CPS.1 points to the correct CPS location:
– sed -i 's|<old CPS URL>|<new CPS URL>|g' /usr/local/openca/openca/etc/loa.xml
Change the CPS number. These files must be the same as on the CA machine.

RA Configuration
Create the empty files for dataexchange:
– touch $OPENCA_HOME/ra/var/tmp/ca-down
– touch $OPENCA_HOME/ra/var/tmp/ra-down
– touch $OPENCA_HOME/ra/var/tmp/ra-local
– chown www-data:www-data $OPENCA_HOME/ra/var/tmp/*
Change the values in config.xml:
– dataexchange_device_up: replace /dev/fd0 by /usr/local/openca/ra/var/tmp/ca-down
– dataexchange_device_down: replace /dev/fd0 by /usr/local/openca/ra/var/tmp/ra-down
– dataexchange_device_local: replace /dev/fd0 by /usr/local/openca/ra/var/tmp/ra-local
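The config.xml edits on the CA and RA slides (ca_organization and the other site values, and the three dataexchange_device_* entries) are done by hand with vi above. Here is an added example, not from the slides or from OpenCA, that performs the same edits as checkable shell functions; it assumes the OpenCA 0.9.2 `<option><name>…</name><value>…</value></option>` layout of config.xml and uses a constructed config fragment so it runs offline.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes the OpenCA 0.9.2 config.xml layout
# <option><name>NAME</name><value>VALUE</value></option> (value may be on its own line).

# set_option FILE NAME VALUE: rewrite the <value> that follows <name>NAME</name>.
# Returns 1 when NAME is absent, so a misspelled option is not silently skipped.
set_option() {
    grep -q "<name>$2</name>" "$1" || return 1
    awk -v n="$2" -v v="$3" '
        $0 ~ ("<name>" n "</name>") { hit = 1 }
        hit && /<value>/ { sub(/<value>.*<\/value>/, "<value>" v "</value>"); hit = 0 }
        { print }' "$1" > "$1.tmp.$$" && mv "$1.tmp.$$" "$1"
}

# get_option FILE NAME: print the current value of NAME, to verify an edit.
get_option() {
    awk -v n="$2" '
        $0 ~ ("<name>" n "</name>") { hit = 1 }
        hit && /<value>/ { sub(/.*<value>/, ""); sub(/<\/value>.*/, ""); print; exit }' "$1"
}

# setup_dataexchange ROLE PREFIX [OWNER]: ROLE is ca or ra, PREFIX the node's OpenCA
# prefix (/usr/local/openca/ca or /usr/local/openca/ra on the slides), OWNER the
# user:group Apache runs CGIs as (default www-data:www-data, the --with-httpd-* values).
# Creates the exchange files under PREFIX/var/tmp and points the dataexchange_device_*
# options at them instead of /dev/fd0, using the file names given on the slides.
setup_dataexchange() {
    tmpdir="$2/var/tmp"; cfg="$2/etc/config.xml"; owner=${3:-www-data:www-data}
    case $1 in
        ca) up=ca-up;   down=ca-down; loc=ra-local ;;
        ra) up=ca-down; down=ra-down; loc=ra-local ;;
        *)  echo "role must be ca or ra" >&2; return 1 ;;
    esac
    mkdir -p "$tmpdir" && touch "$tmpdir/$up" "$tmpdir/$down" "$tmpdir/$loc" || return 1
    chown "$owner" "$tmpdir/$up" "$tmpdir/$down" "$tmpdir/$loc" || return 1
    set_option "$cfg" dataexchange_device_up    "$tmpdir/$up"   &&
    set_option "$cfg" dataexchange_device_down  "$tmpdir/$down" &&
    set_option "$cfg" dataexchange_device_local "$tmpdir/$loc"
}

# write_sample_config DIR: constructed fragment of an unedited config.xml, for offline runs.
write_sample_config() {
    mkdir -p "$1/etc"
    cat > "$1/etc/config.xml" <<'EOF'
<openca_config>
  <option><name>ca_organization</name><value></value></option>
  <option>
    <name>dataexchange_device_up</name>
    <value>/dev/fd0</value>
  </option>
  <option>
    <name>dataexchange_device_down</name>
    <value>/dev/fd0</value>
  </option>
  <option>
    <name>dataexchange_device_local</name>
    <value>/dev/fd0</value>
  </option>
</openca_config>
EOF
}

# Offline demo on a scratch copy owned by the current user; a real CA node runs
# setup_dataexchange ca /usr/local/openca/ca as root, keeping the www-data default.
demo=$(mktemp -d) && write_sample_config "$demo" &&
    setup_dataexchange ca "$demo" "$(id -un):$(id -gn)" &&
    get_option "$demo/etc/config.xml" dataexchange_device_up; rm -rf "$demo"
```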

RA Configuration
Change the password for the root login. First compute the digest of the new password:
/usr/local/openca/ca/bin/openca-digest sha1 'mypasswd'
cd /usr/local/openca/openca/etc/access_control
grep -li '<current digest>' *.template
For each match in the templates do:
sed -i 's|<current digest>|<new digest>|g' /usr/local/openca/openca/etc/access_control/xxx.template

RA Configuration
Configure the templates in /usr/local/openca/ra/etc/servers:
cp /usr/local/openca/ra/etc/servers/ra.conf.template /usr/local/openca/ra/etc/servers/ra.conf.template.orig
Edit ra.conf.template.

RA Initialization
Configure (run /usr/local/openca/ra/etc/configure_etc.sh):
– ra:/usr/local/openca/ra/etc$ ./configure_etc.sh
Copy the startup script:
– cp $OPENCA_HOME/openca_rc /etc/init.d/
Start the service:
– /etc/init.d/openca_rc start

RA Initialization
Go to
– Administration
– Server Init
– Init New Node
– Import Configuration (under "PKI Setup")
This step should report success after prompting for confirmation.

RA Initialization (screenshot slide)

Dataexchange

Dataexchange
On the CA node, go to
– Administration
– Dataexchange
– Enroll data to a lower level of the hierarchy
– Configuration
Next, download 'Configuration' on the RA node as follows. Go to
– Administration
– Dataexchange
– Download data from a higher level of the hierarchy
– Configuration

Dataexchange
On the CA node, go to
– Administration
– Dataexchange
– Enroll data to a lower level of the hierarchy
– All
Next, download 'All' on the RA node as follows. Go to
– Administration
– Dataexchange
– Download data from a higher level of the hierarchy
– All

Dataexchange (screenshot slides)

CRL
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=VE/O=Grid/O=Universidad de Los Andes/OU=CeCalCULA/CN=ULAGrid Certification
        Last Update: Jul 10 16:06: GMT
        Next Update: Aug 9 16:06: GMT
        CRL extensions:
            X509v3 CRL Number:
                1
No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption
    ……
-----BEGIN X509 CRL-----
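As an added example that is not part of the slides: a shell check over the text form of a CRL as `openssl crl -text -noout` prints it, like the one shown above. It reports the CRL number and the revoked count and tells whether Next Update has already passed, so a site can notice a stale CRL before certificate validation starts failing. The sample CRL text is constructed with the same fields as the ULAGrid CRL (dates filled in), and parsing the OpenSSL date format assumes GNU date -d.

```shell
#!/bin/sh
# Added example, not from the slides. Constructed sample: the text form of a CRL with the
# same fields as the ULAGrid CRL on the slide (year and seconds made up).
SAMPLE_CRL_TEXT='Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=VE/O=Grid/O=Universidad de Los Andes/OU=CeCalCULA/CN=ULAGrid Certification Authority
        Last Update: Jul 10 16:06:00 2007 GMT
        Next Update: Aug  9 16:06:00 2007 GMT
        CRL extensions:
            X509v3 CRL Number:
                1
No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption'

# crl_field TEXT LABEL: print the value after "LABEL:" (first match only).
crl_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2: *//p" | head -n 1
}

# crl_number TEXT: the X509v3 CRL Number, which OpenSSL prints on the following line.
crl_number() {
    printf '%s\n' "$1" | awk '/X509v3 CRL Number/ { getline; gsub(/[[:space:]]/, ""); print; exit }'
}

# crl_revoked_count TEXT: number of revoked entries (0 when "No Revoked Certificates.").
crl_revoked_count() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*Serial Number:' || true
}

# crl_is_fresh TEXT [NOW_EPOCH]: status 0 while Next Update lies in the future, 1 once the
# CRL has expired, 2 if the date could not be parsed. NOW_EPOCH defaults to the current
# time; the OpenSSL date format is parsed with GNU date -d (assumption: GNU coreutils).
crl_is_fresh() {
    next=$(crl_field "$1" "Next Update")
    next_epoch=$(date -u -d "$next" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    [ "$next_epoch" -gt "$now" ]
}

# crl_report TEXT: one-line summary suitable for a cron job or a monitoring check.
crl_report() {
    state=fresh; crl_is_fresh "$1" || { [ $? -eq 2 ] && state=unparsed || state=EXPIRED; }
    printf 'CRL #%s issuer=%s revoked=%s nextUpdate="%s" %s\n' \
        "$(crl_number "$1")" "$(crl_field "$1" Issuer)" "$(crl_revoked_count "$1")" \
        "$(crl_field "$1" "Next Update")" "$state"
}

crl_report "$SAMPLE_CRL_TEXT"
```

On a live node, feed it `openssl crl -text -noout -in <crl.pem>` output instead of the constructed sample.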
