PKI Administration Using EJBCA and OpenCAPKI: Public Key InfrastructurePKI ComponentsPKI HIERARCHYEJBCA and OpenCA Software RequirementsEJBCAEJBCA: ArchitectureEJBCA AdministrationThe EJBCA Super Admin CertificateOpenCAOpenCA: ArchitectureOpenCA AdministrationUser CertificateComparisonSlide 15Slide 16ConclusionPKI Administration Using EJBCA and OpenCAPresented By:Ayesha Ghori and Asra ParveenPKI: Public Key InfrastructureA trusted third Party.Secured communication.Provides digital certificates that can identify an individual or an organization. Stores and revokes Certificates.Provides services like Encryption, digital Signatures, data integrity, key establishment, zero knowledge/minimum knowledge protocols.PKI ComponentsCertificate Authority: A CA issues certificates to, and vouches for the authenticity of entities. Registration Authority: An RA is an administrative function that registers entities in the PKI. End entity: An end-entity is a user, such as an e-mail client, a web server, a web browser or a VPN-gateway.PKI HIERARCHYGMU CATOP CAGMU FAIRFAXCASUBCAGMU MANASSAS CASUBCAGMU PW CAMPUS CASUBCARA INSTANCEGMU FAIRFAXRA INSTANCEGMU MANASSASRA INSTANCEGMU PW CAMPUSGMU Fairfax CA AdministratorGMU Manassas CA AdministratorSuper AdministratorGMU Fairfax RA AdministratorGMU Manassas RA AdministratorGMU PW RA AdministratorGMU PW CA AdministratorEJBCA and OpenCASoftware RequirementsSoftware Requirements of EJBCAJava JDK 1.5 – Java 2 Platform Standard Development Kit.Apache Ant – Java Build Utility, used to compile and build Java programs.JBoss 4.0.5 – J2EE Application ServerEJBCA downloadSoftware Requirements of OpenCAOpenLDAP.OpenSSL.Apache Project.Apache mod_ssl.EJBCAEJBCA is a fully functional Certificate Authority built in Java. Based on J2EE technology.RobustHigh performance, component based CA. Flexible and platform independent. EJBCA can be used as standalone or integrated in any J2EE application.EJBCA: ArchitectureEJBCA AdministrationCreate and Initialize the Super AdministratorCreating and Configuring data sourcesCreating PublishersCreating Certificate AuthoritiesCreating Registration AuthoritiesCreating End EntitiesCreating CRL’sGenerating CertificatesThe EJBCA Super Admin CertificateOpenCALinux based.Provides the choice of algorithms- des, des3, idea.Extensions Provided: SKI and AKI.In Addition to the PKI components of EJBCA, OpenCA also has a Registration Authority Operator.OpenCA: ArchitectureOpenCA AdministrationInitializing the Certification Authority Create the initial administrator Create the initial RA Certificate Submit a Certificate Request Approve the Certificate Issue the Certificate Importing the Root CertificateUser CertificateUser CertificateComparisonParameters EJBCA OpenCAEase of Configuration Very Complex Complex Confidentiality Offers Confidentiality using encryption Offers Confidentiality using encryption Integrity Offers Integrity by encryption Offers Integrity by encryption Authentication Offers Authentication by Digital Signature Offers Authentication by Digital Signature NonRepudiation YES YESAbility to choose the algorithm to use Yes Yes OCSP Yes YesAbility to choose CSP Yes No CRL updates Automatic Manual Cost Free FreeExtensions Yes YesLDAP Support Yes YesSupport for smart cards Yes NoPlatform Java J2EE Perl CGI on UnixCertificate Repositories HSQL MySQLModules EJB Perl Modules Components based Yes YesStandalone Component Present Not Present Supported Browsers Multiple Multiple Scalability Good BadConclusionEJBCA is the simplest to useComplexity during installationProvides for automatic CRL updatesOpenCA is the best for Linux usersManual revocationsBoth can be used by various
View Full Document
Unlocking...