
Slide 1: HIAST Grid CA
21st EUGridPMA meeting, Utrecht, 24-26 January 2011
Ghassan SABA (ghassan.saba@hiast.edu.sy), Houssam ABED (houssam.abed@hiast.edu.sy)
Higher Institute for Applied Sciences and Technology (HIAST)

Slide 2: Agenda (21st EUGridPMA Meeting, Utrecht, 2011)
- Introduction
- CP/CPS
- CA System
- CA Private Key
- CA Certificate
- Certificate Revocation
- Certificate Revocation List
- End Entity Certificates and Keys
- Records Archival
- Audits
- Publication & Repository
- Privacy and Confidentiality
- Compromise and Disaster Recovery

Slide 3: Introduction
Achieved work:
- CP/CPS prepared
- CP/CPS reviewed by Roberto Cecchini (INFN, Italy) and by Feyza Eryol and Burcu Ortakaya (TUBITAK ULAKBIM, Turkey)
- Comments from Feyza and Burcu have been implemented
- Recent comments from Roberto will be taken into account
- Hardware for the CA delivered in early June 2010
- Software for the CA set up in late October 2010
- CA testing started on 3 January 2011:
  - generate the CA private key
  - issue CA certificates
  - issue user certificates
  - issue host certificates
- CA planned to be operational by 1 March 2011
- Online web repository ready: https://ca.grid.hiast.edu.sy

Slide 4: Introduction (screenshot of https://ca.grid.hiast.edu.sy/)

Slide 5: CP/CPS
- CP OID: 1.3.6.1.4.1.27601.1.1.0.93 [CP/CPS 7.1.6]
- Structured as defined in RFC 3647 [CP/CPS 1.1]

OID breakdown of 1.3.6.1.4.1.27601.1.1.0.93:
  1.3.6.1.4.1   IANA private enterprise arc
  27601         HIAST
  .1            HIAST Grid CA
  .1            CP/CPS document
  .0            major version
  .93           minor version

Slide 6: CP/CPS
- Policy administration [CP/CPS 1.5]
  - The policy is developed and maintained by HIAST Grid CA at the HIAST Information Technology department
  - All major changes related to policy, technology or security must be approved by HIAST Grid CA before any certificate is signed under the new CP/CPS
  - Minor editorial changes can be made without HIAST Grid CA approval
- All versions are available in the online repository (https://ca.grid.hiast.edu.sy, "Get CA Policy")

Slide 7: CA System
- The CA system consists of two dedicated machines:
  - One offline signing server (offline CA server), hostname: offlineca
    - DELL Optiplex 760 UI, 2 cores, 2 GB RAM, 2x250 GB HD
    - Operating system: CentOS v5.4
    - Software: OpenCA v1.1.0, OpenSSL v2.0.29, Apache v2.2.3, MySQL v5.0.77
  - One online web server (online CA server): https://ca.grid.hiast.edu.sy/
    - DELL Optiplex 760 UI, 2 cores, 2 GB RAM, 2x250 GB HD
    - Operating system: CentOS v5.4
    - Software: OpenCA v1.1.0, OpenSSL v2.0.29, Apache v2.2.3, MySQL v5.0.77

Slide 8: OpenCA Software (architecture diagram)

Slide 9: CA Online System
- Firewall protection:
  - Placed in the HIAST DMZ
  - The campus firewall blocks all incoming traffic except HTTP/HTTPS/SSH
  - The host firewall blocks all incoming traffic except HTTP/HTTPS, plus SSH and SMTP from the private management LAN (TBD)

Slide 10: CA System
- The CA system is located in the Computer Server Room, Computation Center Building, HIAST [CP/CPS 5.1]
- Physical security measures:
  - Only CA managers and CA operators can be granted physical access to the CA machines
  - Fire alarm and fire-fighting systems are in place
  - A secure environment where access is controlled
  - IP surveillance is planned

Slide 11: CA System
- The CA signing server is completely offline [CP/CPS 6.2]
- No Hardware Security Module (HSM) is deployed

Slide 12: Certificate Types
- User certificate
- Host certificate
- Service certificate

Slide 13: Name Forms
- Issuer (HIAST Grid CA): "C=SY, O=HIAST, CN=HIAST Grid CA"
- User: "C=SY, O=HIAST Grid, OU=organizationName, CN=commonName"
  - commonName must be the forename and surname of the subject
  - organizationName is the organization name of the subject
- Host: "C=SY, O=HIAST Grid, OU=organizationName, CN=commonName"
  - commonName must be the DNS FQDN of the host preceded by 'host/'
  - organizationName is the name of the organization owning the host
- Service: "C=SY, O=HIAST Grid, OU=organizationName, CN=commonName"
  - commonName must be the DNS FQDN of the server preceded by 'serviceName/', where serviceName must uniquely identify the service
  - organizationName is the name of the organization owning the service
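As an added example (not HIAST Grid CA code), a Python check that classifies an end-entity subject DN against the three name forms above, rejecting anything else such as the issuer's own DN; the RFC 4514-style string form, the FQDN syntax and the sample DNs are assumptions.

```python
# Added example, not HIAST Grid CA code: check an end-entity subject DN against
# the name forms on the slide (user, host and service certificates).
import re

# Assumed string form with the attributes in the order the slide lists them.
EE_DN_RE = re.compile(r"^C=SY, O=HIAST Grid, OU=(?P<ou>[^,]+), CN=(?P<cn>[^,]+)$")
# RFC 1035-style labels; the slide only says "DNS FQDN", so this is an assumption.
FQDN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$", re.I)
# One forename/surname token; digits may be appended for uniqueness (slide 24).
NAME_TOKEN_RE = re.compile(r"^[A-Za-z][A-Za-z'-]*[0-9]*$")
SERVICE_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*$")


def classify_subject(dn):
    """Return (kind, details) with kind in {'user', 'host', 'service'}.

    Raises ValueError when the DN follows none of the three forms, which an
    RA operator or relying party should treat as a reject.
    """
    m = EE_DN_RE.match(dn)
    if not m:
        raise ValueError("not of the form C=SY, O=HIAST Grid, OU=..., CN=...")
    ou, cn = m["ou"].strip(), m["cn"].strip()
    if not ou:
        raise ValueError("OU (organizationName) must not be empty")

    if "/" in cn:
        # 'host/<fqdn>' or '<serviceName>/<fqdn>'
        prefix, _, fqdn = cn.partition("/")
        if not SERVICE_NAME_RE.match(prefix):
            raise ValueError("bad CN prefix %r" % prefix)
        if not FQDN_RE.match(fqdn):
            raise ValueError("CN suffix %r is not a DNS FQDN" % fqdn)
        if prefix == "host":
            return "host", {"organization": ou, "fqdn": fqdn.lower()}
        return "service", {"organization": ou, "service": prefix,
                           "fqdn": fqdn.lower()}

    # User certificate: forename and surname, optional uniqueness suffix.
    tokens = cn.split()
    if len(tokens) < 2 or not all(NAME_TOKEN_RE.match(t) for t in tokens):
        raise ValueError("user CN %r must be 'Forename Surname'" % cn)
    return "user", {"organization": ou, "forename": tokens[0],
                    "surname": " ".join(tokens[1:])}


if __name__ == "__main__":
    # Constructed sample DNs (example.org, not real HIAST subjects).
    for dn in ["C=SY, O=HIAST Grid, OU=Example Org, CN=Alice Example",
               "C=SY, O=HIAST Grid, OU=Example Org, CN=host/ce01.example.org",
               "C=SY, O=HIAST Grid, OU=Example Org, CN=ldap/ce01.example.org",
               "C=SY, O=HIAST, CN=HIAST Grid CA"]:
        try:
            print(dn, "->", classify_subject(dn))
        except ValueError as e:
            print(dn, "-> REJECT:", e)
```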

Slide 14: CA Private Key
- Asymmetric algorithm: RSA
- Key size: 8192 bits [CP/CPS 6.1.5]
- Protected by a pass-phrase of 16 characters [CP/CPS 6.4]
- The pass-phrase is known only to CA operators
- The HIAST Grid CA private key is kept encrypted, in multiple copies and in different locations, on CD-ROMs [CP/CPS 6.2.4]

Slide 15: CA Private Key
- If the private key of the HIAST Grid CA is (or is suspected to be) compromised, the CA shall [CP/CPS 5.7.3]:
  - notify subscribers
  - stop issuing certificates and CRLs
  - generate a new CA key pair
  - revoke all certificates signed with the compromised key

Slide 16: CA Certificate [CP/CPS 7.1.2, 7.1.3]
  Version: 3 (0x2)
  Serial Number: 0 (0x0)
  Signature Algorithm: sha256RSA
  Issuer: C=SY, O=HIAST, CN=HIAST Grid CA
  Validity
      Not Before: Jan 22 2011
      Not After : Jan 22 2021
  Subject: C=SY, O=HIAST, CN=HIAST Grid CA
  Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public Key: 8192 bit

Slide 17: CA Certificate
  X509v3 extensions:
      X509v3 Basic Constraints: critical
          CA:TRUE
      X509v3 Subject Key Identifier:
          keyid: be 60 d2 4e 45 40 84 ea 89 d7 72 57 89 1f 1b 01 9f 89 69 94
      X509v3 Authority Key Identifier:
          keyid: be 60 d2 4e 45 40 84 ea 89 d7 72 57 89 1f 1b 01 9f 89 69 94
      Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing
      X509v3 Subject Alternative Name:
          email: cagrid@ca.hiast.edu.sy
      X509v3 Issuer Alternative Name:
          email: cagrid@ca.hiast.edu.sy

Slide 18: Certificate Revocation
- Revocation can be requested by [CP/CPS 4.9.2]:
  - the certificate subscriber
  - any other entity presenting proof of knowledge of:
    - private key compromise
    - modification of the subscriber's data
- A certificate will be revoked in the following circumstances [CP/CPS 4.9.1]:
  - the subject of the certificate has ceased to be an eligible end entity for certification
  - the subject no longer requires the certificate
  - the private key has been lost or compromised
  - the information in the certificate is wrong or inaccurate
  - the system to which the certificate was issued has been retired
  - the subject has failed to comply with the rules of the HIAST CP/CPS policy

Slide 19: Certificate Revocation
- Procedure for a revocation request [CP/CPS 4.9.3]: unless the HIAST Grid CA acts on its own, a revocation request must be made
  - by the owner of the certificate, in an e-mail signed with the private key associated with the (not yet expired) certificate
  - on behalf of an owner who has lost his/her private key, in an e-mail signed by an authorized person of the organization/unit that consented to the certificate
  - by the RA, using a secure web interface
- The HIAST Grid CA must process revocation requests with the highest priority, within one working day [CP/CPS 4.9.5]

Slide 20: Certificate Revocation List
- Lifetime: 30 days [CP/CPS 4.9.7]
- CRL issuance [CP/CPS 4.9.7]: CRLs are issued
  - after every certificate revocation
  - at least every month, 7 days before the month-long validity of the current CRL expires
- Available in the online repository:
  - http://ca.grid.hiast.edu.sy/pki/pub/crl/cacrl.crl [DER]
  - http://ca.grid.hiast.edu.sy/pki/pub/crl/cacrl.pem [PEM]
- Version: X.509 v2 [CP/CPS 7.2]
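An added example, not HIAST Grid CA code, covering both sides of the CRL rule above: when the CA is obliged to issue a new CRL, and how a relying party should grade a fetched CRL before trusting it (a CRL that is still valid but already inside the 7-day re-issue window means a newer one should exist and the fetch should be repeated). The timestamps are constructed.

```python
# Added example, not HIAST Grid CA code: the 30-day CRL lifetime and the
# "re-issue after every revocation, and at least 7 days before expiry" rule.
from datetime import datetime, timedelta, timezone

CRL_LIFETIME = timedelta(days=30)   # CP/CPS 4.9.7: CRL validity is 30 days
REISSUE_MARGIN = timedelta(days=7)  # new CRL 7 days before the current one expires


def ca_must_issue_crl(last_issue, revoked_since_last_issue, now):
    """CA side: decide whether a new CRL is due now. Returns (bool, reason)."""
    if revoked_since_last_issue:
        return True, "certificate revoked since the last CRL"
    if now >= last_issue + CRL_LIFETIME - REISSUE_MARGIN:
        return True, "within 7 days of the current CRL's expiry"
    return False, "current CRL still fresh"


def relying_party_crl_status(this_update, next_update, now):
    """Relying-party side: grade a fetched CRL by its own thisUpdate/nextUpdate.

    'invalid-lifetime': longer than the policy allows, treat as not conforming
    'expired':          nextUpdate has passed, revocation status unknown
    'stale':            still valid, but the CA should already have re-issued;
                        fetch again before relying on it
    'fresh':            usable
    """
    if next_update - this_update > CRL_LIFETIME:
        return "invalid-lifetime"
    if now >= next_update:
        return "expired"
    if now >= next_update - REISSUE_MARGIN:
        return "stale"
    return "fresh"


if __name__ == "__main__":
    # Constructed timeline: a CRL issued on the CA certificate's start date.
    issued = datetime(2011, 1, 22, tzinfo=timezone.utc)
    expires = issued + CRL_LIFETIME
    for day in (5, 23, 24, 31):
        now = issued + timedelta(days=day)
        print(day, ca_must_issue_crl(issued, False, now),
              relying_party_crl_status(issued, expires, now))
```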

Slide 21: End Entity Certificates & Keys
- Key size >= 1024 bits [CP/CPS 6.1.5]
- Lifetime: 1 year plus one month (395 days) [CP/CPS 6.3.2]
- User certificates must not be shared [CP/CPS 7.1.4]
- Each entity must generate its own key pair [CP/CPS 6.1.1, 6.1.2]
- End entities should protect their pass-phrase according to the "Guidelines on Private Key Protection" [CP/CPS 4.1.2]

Slide 22: End Entity Certificates & Keys
- Enrollment process (user certificate) [CP/CPS 4.1.2]
  1. For the first time, a subscriber must be authenticated by the RA by presenting an officially recognized document in a face-to-face (F2F) meeting
  2. After successful authentication:
     - the RA enters the requester's name, e-mail address and affiliation into the SSL-secured HIAST Grid CA web site
     - a random 12-digit number is generated:
       - the first 6 digits are given to the requester in written form
       - the remaining 6 digits are sent automatically by the HIAST Grid CA to the requester's e-mail address
     - from that point the requester has 2 working days to submit the certificate request to the HIAST Grid CA

Slide 23: End Entity Certificates & Keys
- Enrollment process (host/service certificate) [CP/CPS 4.1.2]
  - The subject must already hold a valid HIAST Grid CA certificate
  - Two alternatives:
    1. Submission via the web interface:
       - the subject imports his HIAST Grid CA certificate into the browser so as to be authenticated automatically by the HIAST Grid CA server
       - upon successful authentication the user submits the certificate request via a web-based form
    2. Via e-mail:
       - the subject sends an e-mail signed with his HIAST Grid CA certificate to ragrid@hiast.edu.sy, with the certificate request attached and stating in the body that he is the person responsible for the host/service

Slide 24: End Entity Certificates & Keys
- Meaningful names [CP/CPS 3.1.2]: the subject name must
  - be easily understandable
  - have a reasonable association with the authenticated name
- Name uniqueness [CP/CPS 3.1.5]
  - the subject name must be unambiguous and unique
  - for user certificates, additional numbers or letters may be appended to the real name

Slide 25: End Entity Certificates & Keys
- Identity validation by the RA [CP/CPS 3.2]; authentication of organization identity:
  - the RA verifies that the requesting party's organization is entitled [CP/CPS 1.3.3] to get a certificate and that it consents to the request
  - the first time an organization wants a certificate for a user/server/service, it has to announce this officially to the RA or the HIAST Grid CA
  - the RA has to ascertain that the organization exists and is entitled to request a HIAST certificate
  - it must also obtain authoritative information on who is entitled to sign on behalf of the institution

Slide 26: End Entity Certificates & Keys
- X.509 format with extensions [CP/CPS 7.1]
  - basicConstraints: critical, CA:FALSE
  - keyUsage: critical
  - User certificate: the subscriber's e-mail is included in the SubjectAlternativeName
  - Host certificate: the FQDN is included as a dNSName in the SubjectAlternativeName
  - CRLDistributionPoints: URI:https://ca.grid.hiast.edu.sy/crl/cacrl.der
  - Policy identifier containing an OID and a URI:
    - Policy: 1.3.6.1.4.1.27601.1.1.0.94
    - CPS: https://ca.grid.hiast.edu.sy/download/HIAST_CP_CPS_V_0_94.pdf

Slide 27: End Entity Certificates & Keys
- Certificate renewal [CP/CPS 4.6]: HIAST Grid CA does not permit a certificate signing request with the same key as the previous certificate
- Certificate re-key [CP/CPS 4.7.3]: after a certificate has been revoked, has expired, will expire within one month, or its private key is compromised
  - if the certificate has been revoked, has expired, or is compromised, the subscriber must follow the enrolment process of [CP/CPS 4.1.2]

Slide 28: End Entity Certificates & Keys
- Certificate re-key [CP/CPS 4.7.3]
  - if the certificate still has one month left before expiry, the subscriber does not need to fill in the application form or attend the F2F meeting with the RA until 5 years after the initial ID vetting
  - after 3 years, the subscriber should follow the enrolment process [CP/CPS 4.1.2] again to get a new certificate
- Certificate modification [CP/CPS 4.8]: HIAST Grid CA does not support certificate modification

Slide 29: Records Archival
- Records archived [CP/CPS 5.5.1]:
  - system boots and shutdowns
  - interactive system logins
  - periodic message digests of all system files
  - requests for certificates
  - identity verification procedures
  - identity validation records collected by the RA [CP/CPS 3.2.3]
  - certificate issuing
  - requests for revocation
  - CRL issuing
- Retention period [CP/CPS 5.5.2]: in general, a minimum of 3 years

Slide 30: Audits
- Compliance audit [CP/CPS 8]
  - The CA or RA will, at least once a year:
    - perform a self-assessment to check the compliance of the CA operation with the CP/CPS document
    - assess the compliance of the RA's procedures with the CP/CPS document
    - assess the CA and RA staff
  - HIAST Grid CA accepts being audited by other accredited CAs to verify its adherence to the rules and procedures specified in its CP/CPS document

Slide 31: Publication & Repository
- HIAST Grid CA publishes the following information on its website [CP/CPS 2.2]:
  - general information about HIAST Grid CA
  - e-mail addresses for inquiries and fault reporting
  - mailing address of the CA administration location
  - the HIAST Grid CA root certificate
  - the HIAST Grid CA certificate in PEM format
  - issued certificates
  - the Certificate Revocation List
  - a copy of the CP/CPS policy
- The web repository is available 24x7 on a best-effort basis

Slide 32: Privacy and Confidentiality
- Privacy [CP/CPS 9.4]
  - HIAST Grid CA collects the following information, which is not deemed private:
    - subscriber's e-mail address
    - subscriber's name
    - subscriber's organization
    - subscriber's certificate
  - HIAST Grid CA has no responsibility to protect any other private information, as all the information it collects is considered public
- Confidentiality [CP/CPS 9.4.4]: HIAST Grid CA guarantees not to use the photo ID document for any purpose other than the one it is intended for

Slide 33: Compromise and Disaster Recovery
- If the CA private key is (or is suspected to be) compromised [CP/CPS 5.7.1]:
  1. inform the RA, subscribers and relying parties of which the CA is aware
  2. terminate the certificate and CRL distribution services for certificates and CRLs issued using the compromised key
  3. notify relevant security contacts
- If an RA operator's private key is compromised or suspected to be compromised [CP/CPS 5.7.1]: the RA operator or manager must inform the CA and request revocation of the RA operator's certificate
- If an entity's private key is compromised [CP/CPS 5.7.1]: the RA has to be informed immediately in order to start the certificate revocation process

Slide 34: Compromise and Disaster Recovery
- Hardware, software and/or data corrupted [CP/CPS 5.7.2]:
  - Hardware: functioning hardware shall be loaded with the latest state of the software and data that was backed up on a read-only medium and is believed to be uncorrupted
  - Software/data corrupted: restored from removable media after a new release of any of its components is installed
- Disaster: the system must be recovered as soon as possible
  - Plan to keep the annual backup data in a locked cabinet in another building (arrangement in progress); this would speed up system recovery in case of a serious disaster (fire, flood) in the building

Slide 35: Future Work
- Working on the latest comments received from Roberto Cecchini on 12 January 2011
- Implementing comments from today's meeting
- Customizing the online web site to match the current CP/CPS
- Releasing CP/CPS version 0.94 for review
- Acquiring new server hardware for the CA system
- Enhancing CA system security

Slide 36: Thank you for your attention. Questions?

