PKI Administration Using EJBCA and OpenCA


1 PKI Administration Using EJBCA and OpenCA
Presented By: Ayesha Ghori and Asra Parveen

2 PKI: Public Key Infrastructure
A trusted third party.
Secured communication.
Provides digital certificates that can identify an individual or an organization.
Stores and revokes certificates.
Provides services like encryption, digital signatures, data integrity, key establishment, zero knowledge/minimum knowledge protocols.

3 PKI Components
Certificate Authority: A CA issues certificates to, and vouches for the authenticity of, entities.
Registration Authority: An RA is an administrative function that registers entities in the PKI.
End entity: An end entity is a user, such as a client, a web server, a web browser or a VPN gateway.

4 PKI Hierarchy
Top CA: GMU CA
Sub CAs: GMU Fairfax CA, GMU Manassas CA, GMU PW Campus CA
RA instances: GMU Fairfax, GMU Manassas, GMU PW Campus
Administrators: Super Administrator; GMU Fairfax CA Administrator, GMU Manassas CA Administrator, GMU PW CA Administrator; GMU Fairfax RA Administrator, GMU Manassas RA Administrator, GMU PW RA Administrator

5 EJBCA and OpenCA Software Requirements
Software Requirements of EJBCA
Java JDK 1.5 – Java 2 Platform Standard Development Kit.
Apache Ant – Java build utility, used to compile and build Java programs.
JBoss – J2EE application server.
EJBCA download.
Software Requirements of OpenCA
OpenLDAP.
OpenSSL.
Apache Project.
Apache mod_ssl.

6 EJBCA
EJBCA is a fully functional Certificate Authority built in Java.
Based on J2EE technology.
Robust, high-performance, component-based CA.
Flexible and platform independent.
EJBCA can be used standalone or integrated in any J2EE application.

7 EJBCA: Architecture

8 EJBCA Administration
Create and initialize the Super Administrator
Creating and configuring data sources
Creating publishers
Creating Certificate Authorities
Creating Registration Authorities
Creating end entities
Creating CRLs
Generating certificates

9 The EJBCA Super Admin Certificate

10 OpenCA
Linux based.
Provides a choice of algorithms: des, des3, idea.
Extensions provided: SKI and AKI.
In addition to the PKI components of EJBCA, OpenCA also has a Registration Authority Operator.

11 OpenCA: Architecture

12 OpenCA Administration
Initializing the Certification Authority
Create the initial administrator
Create the initial RA certificate
Submit a certificate request
Approve the certificate
Issue the certificate
Importing the root certificate
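
The request, approval, issuance and root-import steps listed on this slide, walked through with plain OpenSSL (one of OpenCA's listed requirements) as an added example; it is not from the presentation and does not use OpenCA's or EJBCA's own interfaces. It goes one step further to the manual revocation and CRL generation the deck mentions elsewhere. The CA name, subject names, file names and config section names are all constructed.

```shell
# Added example: throwaway CA in a temp dir; every name and key here is constructed.
pki_lifecycle() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts; : > index.txt; echo 1000 > serial; echo 1000 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
CN = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    # 1. Initialize the CA: self-signed root limited to certificate and CRL signing.
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt || exit 1
    # 2. The end entity generates its own key and submits a certificate request.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=demo-user" -keyout user.key -out user.csr || exit 1
    # 3. Approve and issue: the CA signs the request and records it in index.txt.
    openssl ca -batch -notext -config ca.cnf -in user.csr -out user.crt || exit 1
    # 4. A relying party that imported the root certificate can verify the chain.
    openssl verify -CAfile ca.crt user.crt && issued=ok || issued=fail
    # 5. Manual revocation: mark the cert revoked, publish a CRL, verify against it.
    openssl ca -config ca.cnf -revoke user.crt && openssl ca -config ca.cnf -gencrl -out ca.crl || exit 1
    openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl user.crt && revoked=accepted || revoked=rejected
    echo "issued=$issued revoked=$revoked" >&3   # fd 3 is the caller's stdout
  ) 3>&1 >/dev/null 2>&1
  rc=$?; rm -rf "$d"; return $rc
}
pki_lifecycle
```

The last check only rejects the certificate because the verifier was handed the fresh CRL; a relying party that never fetches an updated CRL keeps accepting a revoked certificate.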

13 User Certificate

14 Comparison Parameters EJBCA OpenCA Ease of Configuration Very Complex
Confidentiality Offers Confidentiality using encryption Integrity Offers Integrity by encryption Authentication Offers Authentication by Digital Signature NonRepudiation YES

15 Ability to choose the algorithm to use
Yes OCSP Ability to choose CSP No CRL updates Automatic Manual Cost Free Extensions LDAP Support Support for smart cards

16 Platform Java J2EE Perl CGI on Unix Certificate Repositories HSQL MySQL Modules EJB Perl Modules Components based Yes Standalone Component Present Not Present Supported Browsers Multiple Scalability Good Bad

17 Conclusion
EJBCA is the simplest to use
Complexity during installation
Provides for automatic CRL updates
OpenCA is the best for Linux users
Manual revocations
Both can be used by various clients

