KISTI Grid CA Operation
KISTI Supercomputing Center
Sangwan Kim, Soonwook Hwang (CA Operators)
Contact: ca@gridcenter.or.kr
Jan. 8, 2007
[Diagram, repeated on every slide: Subscriber, RA, CA Operator, Web Server(s) (with Virtual Host configuration), CA machine (off-line)]
1. The subscriber downloads the 'User Application Form' from the web site and fills in the form.
2. Face-to-Face Meeting (User Application Form).
3. Face-to-Face Meeting: get a PIN number. The RA gets a PIN number from the CA server. PIN number requests can be made with RA privilege. The RA writes down the PIN# in the user's application form and signs the form.
4. FAX the application form to the CA.
5. The CA checks the PIN# and the RA's signature.
6. If required, the CA may contact the RA to confirm that the RA has really signed the application form.
7. The CA makes a WACC (Web-Access Client Certificate) for the user. The WACC is protected by the PIN# (the PIN# is a password).
8. Register the WACC information in the lookup database of the web server.
9. The CA sends the WACC to the user by normal e-mail. (The WACC is protected by the PIN#.)
10. The subscriber can decrypt the WACC using his PIN#. He installs the WACC in his web browser.
11. The subscriber accesses the online CSR (Certificate Signing Request) website with the WACC. This communication is protected by HTTPS with client authentication. The web server authenticates the client using the WACC information received from the client, and compares it with the lookup database to check whether the WACC is a valid one.
12. The subscriber uploads his CSR to request that the CA sign it.
13. The subscriber sends a notification e-mail to the CA after uploading the CSR.
14. The CA gets the CSR from the web server and signs it to make a certificate.
15. The CA publishes the certificate on the web server.
16. The CA operator sends a notification e-mail to the subscriber after issuing the certificate.
17. The subscriber gets his certificate from the web server (HTTPS).
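The lookup check from steps 8 and 11, as an added example that is not part of the original slides or KISTI's own code: the web server accepts a client certificate only if that exact certificate was registered, so a certificate that merely carries the same subject name is rejected. Keying the database by SHA-256 fingerprint, the expiry field, and all class and function names are assumptions; the certificates are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class ClientCert:
    """What the web server sees after the TLS handshake (constructed stand-in)."""
    der: bytes      # DER encoding of the presented certificate
    subject: str    # subject DN taken from that certificate

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

class WaccLookup:
    """Hypothetical lookup database: fingerprint -> (subject, not_after)."""

    def __init__(self) -> None:
        self._rows = {}

    def register(self, cert: ClientCert, not_after: datetime) -> None:
        # Step 8: the CA operator registers the WACC it has just made.
        self._rows[fingerprint(cert.der)] = (cert.subject, not_after)

    def authenticate(self, cert: ClientCert, now: datetime) -> Optional[str]:
        # Step 11: compare the presented WACC with the lookup database.
        row = self._rows.get(fingerprint(cert.der))
        if row is None:
            return None          # never registered, even if the DN looks right
        subject, not_after = row
        if cert.subject != subject or now > not_after:
            return None          # inconsistent record or expired WACC (assumed field)
        return subject

# Constructed sample data, not real certificates.
NOW = datetime(2007, 1, 8, tzinfo=timezone.utc)
issued = ClientCert(b"constructed-der-issued-by-ca", "CN=Example Subscriber")
lookalike = ClientCert(b"constructed-der-made-elsewhere", "CN=Example Subscriber")

db = WaccLookup()
db.register(issued, not_after=datetime(2007, 2, 8, tzinfo=timezone.utc))

if __name__ == "__main__":
    print("issued WACC    ->", db.authenticate(issued, NOW))
    print("same DN, other ->", db.authenticate(lookalike, NOW))
```

This check runs after the HTTPS client-authentication handshake, which is what proves the client holds the private key for the certificate it presents.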