Presentation is loading. Please wait.

Presentation is loading. Please wait.

KFKI CA József Kadlecsik KFKI RMKI

Published byNora Black Modified over 8 years ago

Similar presentations

Presentation on theme: "KFKI CA József Kadlecsik KFKI RMKI"— Presentation transcript:

1 KFKI CA József Kadlecsik KFKI RMKI kadlec@sunserv.kfki.hu

2 The KFKI Campus ● Hosts five independent academic research institutes ● One of them is the KFKI Research Institute for Particle and Nuclear Physics (KFKI RMKI) ● The Computer Networking Center of KFKI RMKI is responsible for the central computing and network services of the KFKI Campus

3 KFKI CA ● No subordinate CAs ● One RA, which is performed by the KFKI CA itself ● No plan for additional RAs ● Usual defaults: – Root CA key: 5 years, 2048 bits – Entity keys: 1 year, min 1024 bits – CRLs: after revocation or every month

4 KFKI CA end entities I. ● Academic entities of the KFKI Campus: – Institutions – Individuals, computers, services belonging to the institutions – External individuals involved in the scientific, research projects of the academic institutions Cert usages: user/host certs for Grid, service certs (http, pop/imap, smtp), user certs for roaming users (smtp ssl/tls)

5 KFKI CA end entities II. ● Entities of the Hungarian academic community involved in Grid related scientific or research projects.

6 Authentication of organizations ● Campus organization: RA directly contacts the representative for the autheticity of the request ● Non-campus organization: official document stamped and signed by the official representative of the organization is required

7 Authentication of individuals ● Local requester must appear in-person before the RA and show the identification card, passport or driving licence ● If the RA personally knows the requester, authentication over phone call is accepted ● Distant subscriber: copy of the identity card manually signed by a well-known contact person of the organization required and the subscriber is called back on the official phone number for further checkings.

8 Authentication of machine/service ● Either the requester must fulfil the individual authentication, or the request must be signed by the requester's valid cert issued by KFKI CA ● Requester must adequately prove that he/she is responsible for the entity in question: checked by the computer technical contact persons of the institutions

9 Re-keying ● The request must contain a new public key ● Authentication is either as a new request, or request must be signed by the valid non-expired, non-revoked certificate of the requester

10 Namespace ● Fixed part: C=HU,O=KFKI ● C=HU,O=KFKI,OU=people,CN=Kiss Istvan ● C=HU,O=KFKI,OU=services,CN=www.kfki.hu ● C=HU,O=KFKI,OU=services, CN=ldap/ldap.kfki.hu ● C=HU,O=KFKI,OU=grid,OU=people, CN=Kiss Pal Hungarian ISO Latin 2 chars are converted: é -> e, í -> i, ó -> o, ő -> o,...

11 Technical details ● Dedicated Linux PCs with CD writer drive – Full system backup on CD ● Signing machine has no network card, locked in a room on the first floor of the building of the Computer Networking Center ● Removable media is kept in a secure cabinet, backups in multiple locations

12 Software ● OpenCA ● Sleepycat DB ● Apache ● RBAC not activated yet - we are more accustomed to LIDS

13 Open issues ● Requests sent by E-mail (S/MIME) should be imported into OpenCA ● User interface for re-keying ● Full Hungarian translation of the user interface Suggestions are welcomed!

Download ppt "KFKI CA József Kadlecsik KFKI RMKI"

Similar presentations

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
The travelling physicist problem at the KFKI campus József Kadlecsik KFKI Research Institute for Particle and Nuclear Physics

The travelling physicist problem at the KFKI campus József Kadlecsik KFKI Research Institute for Particle and Nuclear Physics
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
EuGridPMA-Meeting Amsterdam 16.01.2008 GridKa-CA software Forschungszentrum Karlsruhe GmbH Institute for Scientific Computing.

EuGridPMA-Meeting Amsterdam GridKa-CA software Forschungszentrum Karlsruhe GmbH Institute for Scientific Computing.
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.

1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.
Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.

Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.
F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

Similar presentations

Ads by Google