1 / 17

PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA. Presented By: Ayesha Ghori and Asra Parveen. PKI: Public Key Infrastructure. A trusted third Party. Secured communication. Provides digital certificates that can identify an individual or an organization. Stores and revokes Certificates.

csim
Download Presentation

PKI Administration Using EJBCA and OpenCA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI Administration Using EJBCA and OpenCA Presented By: Ayesha Ghori and Asra Parveen

  2. PKI: Public Key Infrastructure • A trusted third Party. • Secured communication. • Provides digital certificates that can identify an individual or an organization. • Stores and revokes Certificates. • Provides services like Encryption, digital Signatures, data integrity, key establishment, zero knowledge/minimum knowledge protocols.

  3. PKI Components • Certificate Authority: A CA issues certificates to, and vouches for the authenticity of entities. • Registration Authority: An RA is an administrative function that registers entities in the PKI. • Endentity: An end-entity is a user, such as an e-mail client, a web server, a web browser or a VPN-gateway.

  4. GMU CA TOP CA Super Administrator GMU PW CAMPUS CA SUBCA GMU MANASSAS CA SUBCA GMU FAIRFAXCA SUBCA GMU Manassas CA Administrator GMU PW CA Administrator GMU Fairfax CA Administrator RA INSTANCE GMU MANASSAS RA INSTANCE GMU PW CAMPUS RA INSTANCE GMU FAIRFAX GMU Fairfax RA Administrator GMU Manassas RA Administrator GMU PW RA Administrator PKI HIERARCHY

  5. EJBCA and OpenCASoftware Requirements Software Requirements of EJBCA • Java JDK 1.5 – Java 2 Platform Standard Development Kit. • Apache Ant – Java Build Utility, used to compile and build Java programs. • JBoss 4.0.5 – J2EE Application ServerEJBCA download Software Requirements of OpenCA • OpenLDAP. • OpenSSL. • Apache Project. • Apache mod_ssl.

  6. EJBCA • EJBCA is a fully functional Certificate Authority built in Java. • Based on J2EE technology. • Robust • High performance, component based CA. • Flexible and platform independent. • EJBCA can be used as standalone or integrated in any J2EE application.

  7. EJBCA: Architecture

  8. EJBCA Administration • Create and Initialize the Super Administrator • Creating and Configuring data sources • Creating Publishers • Creating Certificate Authorities • Creating Registration Authorities • Creating End Entities • Creating CRL’s • Generating Certificates

  9. The EJBCA Super Admin Certificate

  10. OpenCA • Linux based. • Provides the choice of algorithms- des, des3, idea. • Extensions Provided: SKI and AKI. • In Addition to the PKI components of EJBCA, OpenCA also has a Registration Authority Operator.

  11. OpenCA: Architecture

  12. OpenCA Administration • Initializing the Certification Authority • Create the initial administrator • Create the initial RA Certificate • Submit a Certificate Request • Approve the Certificate • Issue the Certificate • Importing the Root Certificate

  13. User Certificate

  14. Comparison

  15. Conclusion • EJBCA is the simplest to use • Complexity during installation • Provides for automatic CRL updates • OpenCA is the best for Linux users • Manual revocations • Both can be used by various clients

More Related