
HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report
Bill Yau (billyau_hpc@hku.hk)


1 HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report
Bill Yau (billyau_hpc@hku.hk)

2 Operating Organization
HKU Grid CA is a classical offline CA and has operated since 2009.
CA Manager (Pui Tak HO): examines subscribers' information; approves the CA and RA operators to carry out CA business.
RA Operator (Wing Keung KWAN): accepts subscription requests; checks subscribers' information to decide whether to approve them.
CA Operator (Wing Keung KWAN, Lilian CHAN, Bill Yau): operates and maintains the CA signing server and the CA web server; manages the CA private key and its copies; performs CA tasks: issue, revoke and rekey certificates, and issue CRLs; updates the CP/CPS, operation manuals and security documents.
Helpdesk (Pui Tak HO, Wing Keung KWAN, Lilian CHAN, Bill Yau): helps users with matters related to HKU Grid CA operation.

3 Issued Certificates (as of 25th Mar, 2019)
Issuer CN=HKU Grid CA; certificates counted as Valid and Expired/Revoked:
User certificates 44, Host Certificates 6, 118, HKU GridCA 2, 3, 2, 26

4 Materials Used for Auditing
Guidelines for auditing Grid CAs, version 1.1
Relevant IGTF Authentication Profile, version 5.0
HKU Grid CA CP/CPS v3.0 (RFC 3647)
CA Repository: CA certificate, CRL, end-entity certificates
Documents published on the web repository: certificate application procedure; certificate renewal and revocation procedure

5 Operation Inspection Items
CA room: located in the HKU ITS server room. Access is restricted to authorized people and all access events are recorded.
RA and CA machines: both run on dedicated machines. The CA signing machine is dedicated to CA operation and is completely offline.
Backup media of the CA private key and its location; media storage of archived logs and other documents and their location: locked in a safe deposit box in another room where access control is restricted.
Logs of the RA and CA servers; records of RA and CA operations; access log of the CA room.

6 Summary of Self Audit Result
Score A (Good): 63
Score B (Minor Change): 1
Score C (Major Change): none
Score D (Must Change): none
Score X (Could not evaluate): 3

7 Score B (Minor Change): CA Key
(14) Copies of the encrypted private key must be kept on offline media and only in secure places where access is controlled.
During the audit we found that we had forgotten to create the paper-based backup of the private key specified in the CP/CPS. The CD-ROM based copy of the private key is safe and secure.
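What audit item (14) asks for can be checked mechanically rather than by inspection alone. The script below is an added example and is not part of the HKU Grid CA presentation or its tooling: it generates a throwaway key, produces the passphrase-protected copy that would go onto the offline medium, checks that the copy is really encrypted and decrypts to the same key as the working copy, and writes a line-numbered, checksummed paper copy that can be verified after being re-typed. It assumes openssl(1) is installed; the file names under $WORK and the demo passphrase are illustrative, and the key it generates is a demo key, not any CA's key.

```shell
#!/bin/sh
# Added example (not from the HKU Grid CA presentation): checks behind audit
# item (14), "copies of the encrypted private key on offline media".
# Assumes openssl(1). $WORK, the file names and $PASS are illustrative.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PASS="${PASS:-correct horse battery staple}"   # demo passphrase only

# Throwaway "CA" key plus the passphrase-protected copy destined for offline media.
make_demo_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/ca-key-plain.pem" 2>/dev/null
  openssl pkey -in "$WORK/ca-key-plain.pem" -aes256 -passout "pass:$PASS" \
    -out "$WORK/ca-key-enc.pem"
}

# A backup copy must be encrypted at rest: accept a PKCS#8 EncryptedPrivateKeyInfo
# or a legacy PEM carrying the Proc-Type ENCRYPTED header, reject anything else.
is_encrypted_key() {
  grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
          -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# SHA-256 over the DER public key derived from a private key file ($1),
# decrypting with passphrase $2 when one is given. Fails if the key cannot be read.
pubkey_fingerprint() {
  openssl pkey -in "$1" -passin "pass:${2:-}" -pubout -outform DER \
    -out "$WORK/pub.der" 2>/dev/null || return 1
  openssl dgst -sha256 "$WORK/pub.der" | awk '{print $NF}'
}

# An offline copy is only useful if it decrypts to the same key as the working copy.
copy_matches_working() {
  [ "$(pubkey_fingerprint "$1" "$PASS")" = \
    "$(pubkey_fingerprint "$WORK/ca-key-plain.pem")" ]
}

# Paper copy of the encrypted PEM ($1) written to $2: each line numbered for
# re-typing, plus the PEM's SHA-256 so a typed-in copy can be checked before use.
make_paper_backup() {
  {
    echo "Paper copy of encrypted CA key PEM, $(wc -l < "$1" | tr -d ' ') lines"
    echo "SHA-256: $(openssl dgst -sha256 "$1" | awk '{print $NF}')"
    awk '{printf "%03d %s\n", NR, $0}' "$1"
  } > "$2"
}

# Reassemble the PEM from a paper copy ($1) into $2 and verify the recorded digest.
verify_paper_backup() {
  expected=$(sed -n 's/^SHA-256: //p' "$1")
  sed -n 's/^[0-9][0-9][0-9] //p' "$1" > "$2"
  actual=$(openssl dgst -sha256 "$2" | awk '{print $NF}')
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

run_demo() {
  make_demo_key
  if is_encrypted_key "$WORK/ca-key-plain.pem"; then
    echo "plaintext key wrongly reported as encrypted"; return 1
  fi
  is_encrypted_key "$WORK/ca-key-enc.pem" \
    || { echo "offline copy is not encrypted"; return 1; }
  copy_matches_working "$WORK/ca-key-enc.pem" \
    || { echo "offline copy does not match the working key"; return 1; }
  make_paper_backup "$WORK/ca-key-enc.pem" "$WORK/paper.txt"
  verify_paper_backup "$WORK/paper.txt" "$WORK/from-paper.pem" \
    || { echo "paper copy digest mismatch"; return 1; }
  # The copy recovered from paper must itself still be encrypted and usable.
  is_encrypted_key "$WORK/from-paper.pem" && copy_matches_working "$WORK/from-paper.pem" \
    || { echo "paper copy does not restore the working key"; return 1; }
  echo "all offline-copy checks passed (files in $WORK)"
}

run_demo
```

The public-key fingerprint comparison is what catches a copy encrypted from the wrong file or with a passphrase nobody wrote down; the header check only confirms the file is in an encrypted container, not that the passphrase or cipher is strong. The digest on the paper copy exists because a re-typed PEM is worthless unless it can be verified before anyone relies on it.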

