
NITTE MEENAKSHI INSTITUTE OF TECHNOLOGY
GOVINDAPURA, GOLLAHALLI, YELAHANKA, BANGALORE-560064
DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING

Project Phase-3 Seminar On
Public Key Infrastructure (PKI) Administration Using EJBCA and OpenCA Certifying Authority Systems

External Guide: Mr. Praveen D Ampatt, Senior Technical Officer, CDAC
Internal Guide: Mrs. Vidyadevi G Biradar, Assoc. Prof., Dept. of ISE, NMIT
Presented By: Vinay C, M.Tech 4th Sem (CNE), Dept. of ISE, NMIT

OUTLINE
1. Introduction
2. Problem Statement
3. Objective
4. Literature Survey
5. Snapshots
6. Conclusion
7. References

INTRODUCTION

With the globalization of e-commerce, everything is digital and is done online.

It is not enough just to transfer documents from one person to another; the transfer must also ensure that the document retains its integrity, confirm the authenticity of the sender, and provide privacy.

To maintain integrity and confidentiality, public key infrastructure (PKI) is introduced.

PKI provides a robust and rigorous security measure to protect user data and credentials.

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

It provides the basic security required for secure communication, so that users who do not know each other can communicate securely through a chain of trust.

A PKI consists of the following components:
1. Certificate Authority (CA)
2. Registration Authority (RA)
3. Security policy
4. Certificate Repository and distribution system
5. End entity

Certificate Hierarchy

[Figure: ROOT CA, two SUB CAs, four END USERs]

Simple PKI Model

[Figure, labels in order:]
Subscriber: provides proof of identity
Registration Authority: verifies subscriber's identity
Certificate Authority: issues certificate and posts it in the repository
Repository

Security Service of PKI

There are 4 main issues that PKI deals with:
1. Data Integrity
2. Confidentiality
3. Identification and Authentication
4. Non-repudiation

OpenSSL

OpenSSL is an open source tool for using the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols for Web authentication.

SSL is a secure protocol developed for sending information securely over the Internet.

TLS is a protocol that ensures privacy between communicating applications and their users on the Internet. TLS is the successor to the Secure Sockets Layer (SSL).

The library includes tools for generating RSA private keys and certificate signing requests, checksums, managing certificates and performing encryption/decryption.
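The hierarchy from the Certificate Hierarchy slide (Root CA, Sub CA, end user), built with the OpenSSL tools listed above and bundled into a P12 file. This is an added example, not part of the original slides; the subject names, file names, 30-day lifetime and password are constructed values.

```shell
#!/bin/sh
# Added example (not from the slides): Root CA -> Sub CA -> end user with openssl.
# Subjects, file names, the 30-day lifetime and the password are constructed values.
set -eu

build_chain() (  # $1 = working directory; subshell body keeps the cd local
  cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ee]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
  for n in root sub user; do  # one RSA private key and one CSR per entity
    openssl genrsa -out "$n.key" 2048 2>/dev/null
    openssl req -new -config pki.cnf -key "$n.key" -subj "/CN=Example $n" -out "$n.csr"
  done
  # The root signs its own request; each lower level is signed by the level above.
  openssl x509 -req -sha256 -days 30 -in root.csr -signkey root.key \
    -extfile pki.cnf -extensions v3_ca -out root.crt 2>/dev/null
  openssl x509 -req -sha256 -days 30 -in sub.csr -CA root.crt -CAkey root.key \
    -CAcreateserial -extfile pki.cnf -extensions v3_ca -out sub.crt 2>/dev/null
  openssl x509 -req -sha256 -days 30 -in user.csr -CA sub.crt -CAkey sub.key \
    -CAcreateserial -extfile pki.cnf -extensions v3_ee -out user.crt 2>/dev/null
  # Bundle the end user's key, certificate and issuing CA into a PKCS#12 (.p12) file.
  openssl pkcs12 -export -inkey user.key -in user.crt -certfile sub.crt \
    -passout pass:example-only -out user.p12
)

# Chain of trust: the user certificate validates only if the Sub CA links it to the root.
verify_user() {  # $1 = directory, $2 = with-sub | root-only
  if [ "$2" = with-sub ]; then
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/user.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.crt" "$1/user.crt" >/dev/null 2>&1
  fi
}

dir=$(mktemp -d)
build_chain "$dir"
verify_user "$dir" with-sub  && echo "root -> sub -> user: chain verifies"
verify_user "$dir" root-only || echo "without the Sub CA certificate: verification fails"
```

The private keys are written unencrypted here to keep the example short; a real CA keeps its signing keys in a passphrase-protected file or a hardware token.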

Enterprise JavaBeans Certificate Authority (EJBCA)

EJBCA is a free open source software PKI Certificate Authority.

It is based on JEE5 Technology.

It is flexible and platform independent.

Enterprise JavaBeans are components that execute within an EJB container, under the supervision of an application server (JBOSS).

EJBCA architecture consists of four parts:
1. Client
2. Web Tier
3. EJB Tier
4. Data Tier

Fig: Architecture of EJBCA

OpenCA

OpenCA is an open source collaborative effort to create a public key infrastructure.

It is Linux based.

It is not a complete monolithic system.

It is based on many Open-Source Projects. Among the required software there are OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.

Fig: OpenCA PKI Architecture

EJBCA and OPENCA Software Requirements

EJBCA
OpenJDK 7
Apache Ant 1.8
JBOSS Application Server 7.1.1
Install EJBCA 6.0.3

OPENCA
OpenLDAP
OpenSSL
Apache server
Apache mod_ssl

Problem Statement

PUBLIC KEY INFRASTRUCTURE (PKI) ADMINISTRATION USING EJBCA AND OPENCA CERTIFICATE AUTHORITY SYSTEM

Objectives

To provide a complete comparative study of both OPENCA and EJBCA open source software.

Literature survey

PAPER 1:
Title: Research and application of EJBCA based on J2EE
Author: Liyi Zhang, Qihua Liu and Min Xu
Published in: The International Federation for Information Processing (IFIP)
Date of publication: 2011
Summary: In this paper the authors talk about the architecture of EJBCA, the installation procedure for EJBCA, and the roles of the EJBCA administrator.

The system is divided into 4 roles:
1. Super Admin
2. CA Admin
3. RA Admin
4. Supervisor

[Figure: Roles of the System: Super Admin, CA Admin, Supervisor, RA Admin]

PAPER 2:
Title: Survey of EJBCA and OPENCA Certificate Authority Systems
Author: Ayesha Ishrath Ghori and Asra Parveen
Published in: IJCSE
Date of publication: 2006
Summary: In this paper the authors talk about a comparative analysis between two leading certificate authorities, EJBCA and OPENCA.

Snapshots

Starting up the JBOSS

Browse to localhost:8080 page

Authentication

JBOSS Running

Deployment of EJBCA.EAR

Browsing to localhost:8080/ejbca home page

EJBCA Admin Web Page

Default End Entity Certificate

RootCA

Subordinate CA

End Entity certificate

Adding of End Entity Certificate

P12 file

Displaying Certificate in EJBCA Admin page

Updated CRL status for Default Management CA

Configuring OPENCA

What's Next?

Generating the certificates in OpenCA.

Comparing Both the open source software in terms.

Listing out the comparison for both EJBCA and OPENCA.

Deciding which platform is good to build the advanced features over.

Conclusion

The trust between two parties and digital signatures are reinforced by the components of public key infrastructure.

The two Certificate Authorities EJBCA & OpenCA are providers for various clients, individual and business clients.

EJBCA has been installed and has generated the certificates successfully.

EJBCA provides automatic CRL updates.

References

[1]. A Practical Approach for Implementation of Public Key Infrastructure for Digital Signatures by M. Indra Sena Reddy, P.J. Bhat, Rajeev Chetwavani and K. Subba Reddy, IIJEA in 2011
[2]. www.ejbcawiki.org
[3]. www. Openca pki.org
[4]. http://majic.rs/book/free-software-x509-cookbook/setting-up-ejbca-as-certification-authority
[5]. http://ejbca.org/older_releases/ejbca_4_0/htdocs/userguide.html
[6].

THANK YOU