Emir Imamagić University Computing Centre (Srce)


1 SRCE CA Self Audit
Emir Imamagić, University Computing Centre (Srce)

2 Overview SRCE CA Self Audit Conclusion

3 Overview
Established in May 2006
Certificates for the Croatian academic and research community
Public web site:
address:
Approved by EUGridPMA in July 2006
Classic AP 4.0

4 Organization
CA & RA @ SRCE
  three staff members: Tomislav Stilinovic, Emir Imamagic, Dobrisa Dobrenic
One lightweight RA
  ETFOS (Faculty of Electrical Engineering in Osijek, Croatia), Goran Martinovic

5 System Architecture
OpenCA
  version 1.5.1
  online part integrated with Croatian AAI infrastructure
Online interface (RA)
  used by EE for certificate requests
  used by RAs for request confirmations
  deployed on dedicated server
Offline signing machine (CA)
  machine kept in safe
  accessible to CA staff only
  data transfer achieved via USB
  data backup performed after each operation

6 Certificates
Total: 1196 certificates
  Host: 491
  User: 705
Valid: 83 certificates
  Host: 24
  User: 59
Revoked: 23 certificates
  retired machines
  forgotten passphrase
  accidentally deleted private keys

7 CP/CPS Updates
Version 1.1, November 20th 2009
  updated EE & CA extensions
  made compliant with Grid Certificate Profile
Version 1.3, May 14th 2010
  updates after the first self audit
Version 1.4, Aug 8th 2015
  updates after the second self audit
  unfortunately not published

8 Self Audit

9 Versions
Guidelines for auditing Grid CAs
  version 1.1, October 28th 2010
Authentication Profile for Classic X.509 Public Key Certification Authorities with secured infrastructure
  version 4.4
SRCE CA CP/CPS
  version 1.4, Aug 8th 2015

10 Summary
Total number of items: 67
Marks:
  C: 0
  B: 1
  X: 1
  A: 65
Marks in previous self audit (2015):
  C: 1
  A: 64

11 CP/CPS
B - 1.6
Item description: The CP/CPS documents should be structured as defined in RFC
Status: CP/CPS is structured as defined in RFC 2527.
Solution: Currently we do not have the resources to perform such a major update. The current CP/CPS defines our practices well. We can consider updating in the future if strongly requested by the PMA and Relying Parties.

12 End Entity Certificates and Keys
X – 7.41
Item description: Certificates associated with a private key residing solely on hardware token may be renewed for a validity period of up to 5 years (for equivalent RSA key lengths of 2048 bits) or 3 years (for equivalent RSA key lengths of bits).
Comment: CA does not support keys residing on hardware tokens.

13 Conclusion & Final Remarks
SRCE CA has operated in a stable manner for 12 years
Number of certificates decreasing
  planning to decommission grid services in 2018
Publish CP/CPS version 1.4
Changes related to GDPR compliance
SHA-2 CA certificate?

14 Thank You! Questions?

