
1 MD-Grid CA
Valentin Pocotilenco, pvv@renam.md
RENAM Association, www.renam.md

2 About RENAM
RENAM (Research and Educational Networking Association of Moldova):
– Was founded and registered by the Ministry of Justice of the Republic of Moldova in June 1999 under registration no. 1089.
– Is a republican association with an unlimited term of existence and carries out its activities on the whole territory of the Republic of Moldova, with the right to establish branches both in the Republic and abroad.
– The aim of the Association is to establish and develop computer network and information services at a modern level, mostly in higher and secondary education, research institutions, libraries and public collections.
Web site: www.renam.md

3 RENAM organization
The RENAM Council consists of well-known scientists of Moldova, scientific administrators, and information systems and networking specialists, who represent the Academy of Sciences of Moldova, the universities of Moldova, and other scientific and educational institutions.
Administrative and technical support of network operation is organized within RENAM by the RENAM Executive managers and the Network Operating Center (NOC). The NOC is responsible for developing and carrying out RENAM network projects, maintaining the network infrastructure, and providing technical assistance and user support.

4 RENAM network structure
The RENAM Association has built and continuously develops its own networking infrastructure, which has allowed it to create 12 communication nodes in two main cities, Chisinau and Balti.
23 institutes of the Academy of Sciences, 10 leading universities of Moldova, more than 10 colleges, 3 hospitals and some governmental establishments are now connected to the RENAM infrastructure (http://www.terena.org/activities/compendium/2008/basicinfo.php?nrenid=30).
The RENAM network provides connectivity to about 5000 scientists and professors (75% of all researchers), 1000 Ph.D. students and more than 80 000 university and college students (85% of all students).
The RENAM infrastructure provides services to universities and organizations located in other localities of Moldova. A network node was set up at Balti State University, which also connects four technical colleges from Balti City.

5 RENAM goals
– The main goal of the RENAM network is the continuous development of a modern electronic communication infrastructure capable of connecting all research, educational, medical and cultural institutions in Moldova, and providing them with Internet access services.
– Another aim of RENAM is continuous and active participation in the work of international computer network organizations.
– Organize seminars and training events to help develop and use the NREN infrastructure.
– Create a National Grid Initiative of Moldova (NGI).

6 RENAM NGI
MD-Grid, the National Grid Initiative of Moldova, was officially inaugurated at the plenary session “National Grid Initiative MD-Grid: presentation and inauguration” of the RENAM Users Conference – 2007 on May 14, 2007, after receiving approval letters from the Ministry of Information Development of Moldova and the Academy of Sciences of Moldova.
The MD-Grid NGI Consortium, governed by RENAM as its Coordinating NREN, joins 6 research, education and industry institutions that expressed their intent to participate in building and using the National Grid Infrastructure:
– Research and Educational Networking Association of Moldova
– Institute of Mathematics and Computer Science of the Academy of Sciences of Moldova
– Faculty of Radioelectronics and Telecommunications of the Technical University of Moldova
– Institute of Geology and Seismology of the Academy of Sciences of Moldova
– State Hydrometeorological Service
– School of Public Health, State Medical and Pharmaceutical University “N.Testemitanu”

7 RENAM involvement
– SEE-GRID II - http://www.see-grid.eu
– SEE-GRID SCI - http://www.see-grid-sci.eu

8 MD-Grid CA
Used documents:
– RomanianGRID CP/CPS
– TR-Grid CP/CPS
– BG.ACAD CP/CPS
– MREN CA CP/CPS
Our request to IANA is pending and I suppose we will obtain the OID in a few weeks.
Date: March 3rd 2008

9 MD-Grid CA Naming
Issuer: C=MD, O=RENAM, CN=MD-Grid-CA
Subject: C=MD, O=RENAM, OU=XXX, CN=Subject-name
– [C] Country = MD
– [O] Organization = RENAM
– [OU] Organization Unit = Name of the institution
– [CN] Common Name = Name and surname of the person for a personal certificate, DNS name for a host or service certificate (in the latter case the DNS FQDN may be prefixed by the value 'host' or the service name, separated from the DNS FQDN with a '/').
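A registration authority can check a requested subject against the naming rules on slide 9 before approving it. The sketch below is an added example, not MD-Grid CA code; the function names, the simplified comma-separated DN parsing and the sample subjects are assumptions made for illustration.

```python
import re

# Slide 9 fixes C=MD and O=RENAM; OU names the institution.
FIXED = {"C": "MD", "O": "RENAM"}
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True for a dotted DNS name made of at least two valid labels."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def parse_dn(dn):
    """Split 'C=MD, O=RENAM, ...' into (attribute, value) pairs.
    Assumption: values contain no commas (no RFC 4514 escaping)."""
    pairs = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def classify_subject(dn):
    """Return 'personal', 'host' or 'service'; raise ValueError on a broken rule."""
    pairs = parse_dn(dn)
    if [a for a, _ in pairs] != ["C", "O", "OU", "CN"]:
        raise ValueError("expected attributes C, O, OU, CN in that order")
    values = dict(pairs)
    for attr, want in FIXED.items():
        if values[attr] != want:
            raise ValueError("%s must be %s" % (attr, want))
    cn = values["CN"]
    if "/" in cn:  # 'host/<FQDN>' or '<service>/<FQDN>'
        prefix, _, fqdn = cn.partition("/")
        if not prefix or not is_fqdn(fqdn):
            raise ValueError("CN must be host/<FQDN> or <service>/<FQDN>")
        return "host" if prefix == "host" else "service"
    if is_fqdn(cn):  # bare DNS name, no prefix
        return "host"
    if len(cn.split()) < 2:
        raise ValueError("personal CN needs a name and a surname")
    return "personal"

# Constructed sample subjects, not taken from real certificates.
SAMPLES = ["C=MD, O=RENAM, OU=RENAM, CN=Ion Popescu",
           "C=MD, O=RENAM, OU=RENAM, CN=host/node1.example.org"]
if __name__ == "__main__":
    print([classify_subject(s) for s in SAMPLES])
```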

10 MD-Grid CA
The values of the extensions in the CA certificate are as follows:
– X509v3 Basic Constraints: critical CA:TRUE
– X509v3 Key Usage: critical Certificate Sign, CRL Sign
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Issuer Alternative Name: email: md-grid-ca@renam.md
– X509v3 Subject Alternative Name: email: md-grid-ca@renam.md
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA

11 MD-Grid CA
The values of the extensions in user certificates are as follows:
– X509v3 Basic Constraints: critical CA:FALSE
– X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Non-Repudiation
– X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Subject Alternative Name: email:
– X509v3 Issuer Alternative Name: email: md-grid-ca@renam.md
– X509v3 Certificate Policies: Policy:
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL Client, S/MIME, Object Signing

12 MD-Grid CA
The values of the extensions in host and service certificates are as follows:
– X509v3 Basic Constraints: critical CA:FALSE
– X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
– X509v3 Extended Key Usage: TLS Web Server Authentication
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Issuer Alternative Name: email: md-grid-ca@renam.md
– X509v3 Subject Alternative Name: DNS:FQDN
– X509v3 Certificate Policies: Policy:
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL Server
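A relying party or auditor can compare an issued end-entity certificate with the profiles on slides 11 and 12. The following is an added example, not part of the presentation or of MD-Grid CA tooling: it assumes the input is the extensions section printed by `openssl x509 -noout -text`, covers only Basic Constraints, Key Usage, Extended Key Usage and Subject Alternative Name, and uses hypothetical function names and a constructed sample.

```python
import re
from collections import defaultdict

# Expected values from slides 11 and 12, in the spelling `openssl x509 -text` prints.
BASE_KU = {"Digital Signature", "Key Encipherment", "Data Encipherment", "Key Agreement"}
PROFILES = {  # kind: (key usage, extended key usage, required SAN prefix)
    "user": (BASE_KU | {"Non Repudiation"},
             {"TLS Web Client Authentication", "E-mail Protection"}, "email:"),
    "host": (BASE_KU, {"TLS Web Server Authentication"}, "DNS:"),
}
HEADER = re.compile(r"^\s*(?:X509v3|Netscape) ([^:]+):\s*(critical)?\s*$")

def parse_extensions(text):
    """Map extension name -> (critical flag, set of comma-separated values)."""
    exts, name = defaultdict(lambda: (False, set())), None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            name = m.group(1)
            exts[name] = (m.group(2) is not None, set())
        elif name and line.strip():
            exts[name][1].update(v.strip() for v in line.split(",") if v.strip())
    return exts

def check_profile(text, kind):
    """Return the list of deviations from the profile for 'user' or 'host'."""
    ku, eku, san_prefix = PROFILES[kind]
    exts, problems = parse_extensions(text), []
    if exts["Basic Constraints"] != (True, {"CA:FALSE"}):
        problems.append("Basic Constraints must be critical, CA:FALSE")
    if exts["Key Usage"] != (True, ku):
        problems.append("Key Usage must be critical and match the profile")
    if exts["Extended Key Usage"][1] != eku:
        problems.append("Extended Key Usage differs from the profile")
    if not any(v.startswith(san_prefix) for v in exts["Subject Alternative Name"][1]):
        problems.append("Subject Alternative Name lacks a %s entry" % san_prefix)
    return problems

# Constructed excerpt: a host certificate that also asserts client authentication.
SAMPLE = """\
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                DNS:node1.example.org
"""
```

Calling `check_profile(SAMPLE, "host")` reports only the Extended Key Usage deviation, since every other checked extension matches the host profile.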

13 MD-Grid CA
– Certificate:
  1024 bit or 2048 bit encryption;
  1 year.
– Personal certificate:
  personal contact;
  id-card, passport or driving license;
– Server/Service certificate:
  the host must have a valid DNS name;
  the administrator must already possess a valid personal MD Grid-CA Certificate;
  the administrator must provide a proof of his or her relation to the host itself.

14 MD-Grid CA
– Certificate revocation list (CRL):
  max lifetime of the CRL: 30;
  issued at least 7 days before expiration;
  new CRLs will be published as soon as they are updated;
– Circumstances for revocation:
  the CA is informed that the Subscriber has ceased to be a member of or associated with a MREN program or activity;
  the subscriber’s private key is lost or suspected to be compromised;
  the information in the Subscriber’s certificate is wrong or inaccurate, or suspected to be wrong or inaccurate;
  the subscriber violates his/her obligations;
  the subscriber does not need the certificate any more.

15 MD-Grid CA
– Types of events recorded:
  certification requests;
  issued certificates;
  requests for revocation;
  issued CRLs;
  login/logout/reboot of the signing machine.
– Each RA must keep a log of the following:
  for each approved request, how it was approved;
  for each rejected request, why it was rejected;
  for each approved revocation request, the reason for revocation;
  for each rejected revocation request, the reason for revocation and the reason the request was rejected.

16 MD-Grid CA Types of records archived
– The following data and files are recorded and archived by the CA:
  certification requests;
  issued certificates;
  requests for revocation;
  issued CRLs;
  all e-mail messages of correspondence between RA and CA.
– Each RA must keep a log of the following:
  for each approved request, how it was approved;
  for each rejected request, why it was rejected;
  for each approved revocation request, the reason for revocation;
  for each rejected revocation request, the reason for revocation and the reason the request was rejected.

17 MD-Grid CA Physical controls
– The MD-Grid CA will operate in a controlled and protected room located in the Technical University of Moldova.
– At least one person employed by the RENAM Association will always be present on the premises, 24 hours per day, 7 days per week.
– Physical access to the MD-Grid CA is restricted to authorized personnel only.
– The Technical University of Moldova premises have a fire alarm system installed and secured access provided by a particular organization, and the equipment is maintained in cooled racks.

18 Certification Authority Contact details
Research and Educational Networking Association of Moldova
5, Academiei str. room 331. Chishinau, Moldova, Republic of.
Phone: +373 22 739827
Phone: +373 22 234635
Fax: +373 22 739805
Fax: +373 22 288006
E-mail: md-grid-ca@renam.md
Valentin Pocotilenco, e-mail: pvv@renam.md

