Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certification Authority MIEIC – Segurança de Sistemas Informáticos João Brito – ei07052 João Coelho – ei07118.

Published byHugh Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Certification Authority MIEIC – Segurança de Sistemas Informáticos João Brito – ei07052 João Coelho – ei07118."— Presentation transcript:

1 Certification Authority MIEIC – Segurança de Sistemas Informáticos João Brito – ei07052 João Coelho – ei07118

2 Contents Theorethical introduction State of art Tecnologies review Use case scenarios

3 Problem How to deploy a Certificate Authority for University of Porto? How to provide trusted digital certificates? How to mantain a CRL?

4 Theoretical Introduction

5 What is a CA?

6 Goals Ensure: Information integrity User authentication Non-repudiation of electronic data

7 State of art Technologies OpenCA Apache PHP Perl PHPki Apache PHP EJBCA Java Aplication Server (JBoss) Apache Ant (required to install)

8 Solution Deployment of a CA based on EJBCA architecture.

9 Functionalities Administration CA creation and activation; Manage entities; Profile management; Public Area Certificate aquisition; Certificate revokation check;

10 Deployment EJBCA deployment Apache Ant – configure and install EJBCA JBoss Aplication Server – Application server that will provide the CA service Administrators should install the SuperAdmin certificate to access the following URL: https://localhost:8443/ejbca/adminweb

11 User configuration User information to certify: Name Address Phone number Email User details must be verified with user personal documents Citizen card Email/SMS secret key

12 Certificates Browser certificates Authenticate users on faculty’s services.

13 SSL/SSH Certification Certificates

14 Other applications Certificate Signing Requests User uploads his public keys; CA retrieves certificate; Base64 encoding PEM format Specific software needed OpenSSL

15 Certificate applications Signing information is not a functionality of this application. Document signing has to be done at client side. Examples: Import certificate to thunderbird Use with openssh

16 Signature Validation User list certifitates Entering certificate properties: Issuer DN Certificate serial number

17 Key expiration Certificate’s validity date should not go beyound graduation year. Key generation could be performed by CICA’s. An aternative is submission of a new key gernerated by the user and the CA should return a new digital certificate.

18 Revoke Lists The list update rate is defined by the system administrator. Should be frequently updated. Can be obtained by anyone on public EJBCA webpage

19 Considerations Must be provided: Webpage documentation for the user: Certificate creation guides Certificate revokation guides Certification documentation: Step-by-step user guide for common certification software For example openpgp, openssl, etc.

20 Thank you! Questions?

Download ppt "Certification Authority MIEIC – Segurança de Sistemas Informáticos João Brito – ei07052 João Coelho – ei07118."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Similar presentations

Ads by Google