NITTE MEENAKSHI INSTITUTE OF TECHNOLOGY
GOVINDAPURA, GOLLAHALLI, YELAHANKA, BANGALORE-560064
DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING

Project Phase-3 Seminar On
Public Key Infrastructure (PKI) Administration Using EJBCA and OpenCA Certifying Authority Systems

External Guide: Mr. Praveen D Ampatt, Senior Technical Officer, CDAC
Internal Guide: Mrs. Vidyadevi G Biradar, Assoc. Prof., Dept. of ISE, NMIT
Presented By: Vinay C, M.Tech 4th Sem (CNE), Dept. of ISE, NMIT

OUTLINE
1. Introduction
2. Problem Statement
3. Objective
4. Literature Survey
5. Snapshots
6. Conclusion
7. References

INTRODUCTION
With the globalization of e-commerce, everything is digital and is done online.
It is not enough just to transfer documents from one person to another; the transfer must also ensure that the document retains its integrity, confirm the authenticity of the sender, and provide privacy.
To maintain integrity and confidentiality, public key infrastructure (PKI) is introduced.
PKI provides robust and rigorous security measures to protect user data and credentials.

Public Key Infrastructure (PKI)
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
It provides the basic security required for secure communication, so that users who do not know each other can communicate securely through a chain of trust.
A PKI consists of the following components:
1. Certificate Authority (CA)
2. Registration Authority (RA)
3. Security policy
4. Certificate Repository and distribution system
5. End entity

Certificate Hierarchy
ROOT CA
SUB CA, SUB CA
END USER, END USER, END USER, END USER

Simple PKI Model
Subscriber: Provides Proof of Identity
Registration Authority: Verifies Subscriber's Identity
Certificate Authority: Issues Certificate and Posts It in Repository
Repository

Security Service of PKI
PKI deals with 4 main issues:
1. Data Integrity
2. Confidentiality
3. Identification and Authentication
4. Non-repudiation

OpenSSL
OpenSSL is an open source tool for using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for Web authentication.
SSL is a secure protocol developed for sending information securely over the Internet.
TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.
TLS is the successor to the Secure Sockets Layer (SSL).
The library includes tools for generating RSA private keys and certificate signing requests, computing checksums, managing certificates, and performing encryption/decryption.

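
The Root CA, Sub CA and End User levels of the Certificate Hierarchy slide can be built with the OpenSSL key and signing-request tools described above. This is an added example, not part of the original presentation; the subject names, file names, key size and 30-day lifetime are assumptions chosen for illustration. It also checks that a certificate signed with an end user's key is rejected.

```sh
#!/bin/sh
# Added example: Root CA -> Sub CA -> End User, as on the "Certificate Hierarchy" slide.
# Subject names, file names, key size and lifetime are constructed for illustration.

new_csr() {   # $1 = file prefix, $2 = common name: RSA key + signing request
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

sign() {      # $1 = subject prefix, $2 = issuer prefix, $3 = extension file
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -days 30 -sha256 -extfile "$3" -out "$1.crt" 2>/dev/null
}

build_pki() { # $1 = empty working directory
    ( cd "$1" || exit 1
      printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf
      # CA certificates may sign other certificates; end-entity ones may not.
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
      printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > ee.ext
      new_csr root "Example Root CA" &&
      openssl x509 -req -in root.csr -signkey root.key -days 30 -sha256 \
          -extfile ca.ext -out root.crt 2>/dev/null &&     # self-signed trust anchor
      new_csr sub "Example Sub CA"    && sign sub root ca.ext &&
      new_csr user "Example End User" && sign user sub ee.ext &&
      # Misuse case: the end user's key is used as if it were a CA key.
      new_csr rogue "Rogue Leaf"      && sign rogue user ee.ext &&
      cat sub.crt user.crt > inter.pem )
}

# Each check returns 0 when openssl accepts the chain, non-zero otherwise.
verify_full_chain()  { openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/user.crt" >/dev/null 2>&1; }
verify_without_sub() { openssl verify -CAfile "$1/root.crt" "$1/user.crt" >/dev/null 2>&1; }
verify_rogue()       { openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.pem" "$1/rogue.crt" >/dev/null 2>&1; }
```

Run build_pki on an empty directory and then call the verify functions with the same directory: only the full chain is accepted, because the chain of trust needs the Sub CA certificate and the end user certificate carries CA:FALSE.
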
Enterprise JavaBeans Certificate Authority (EJBCA)
EJBCA is a free open source software PKI Certificate Authority.
It is based on JEE5 technology.
It is flexible and platform independent.
Enterprise JavaBeans are components that execute within an EJB container, under the supervision of an application server (JBOSS).
The EJBCA architecture consists of four parts:
1. Client
2. Web Tier
3. EJB Tier
4. Data Tier

Fig: Architecture of EJBCA

OpenCA
OpenCA is an open source collaborative effort to create a public key infrastructure.
It is Linux based.
It is not a complete monolithic system.
It is based on many open-source projects. The required software includes OpenLDAP, OpenSSL, Apache Project, and Apache mod_ssl.

Fig: OpenCA PKI Architecture

EJBCA and OPENCA Software Requirements
EJBCA:
OpenJDK 7
Apache Ant 1.8
JBOSS Application Server 7.1.1
Install EJBCA 6.0.3
OPENCA:
OpenLDAP
OpenSSL
Apache server
Apache mod_ssl

Problem Statement
PUBLIC KEY INFRASTRUCTURE (PKI) ADMINISTRATION USING EJBCA AND OPENCA CERTIFICATE AUTHORITY SYSTEM

Objectives
To provide a complete comparative study of both OPENCA and EJBCA open source software.

Literature survey
PAPER 1:
Title: Research and application of EJBCA based on J2EE
Authors: Liyi Zhang, Qihua Liu and Min Xu
Published in: The International Federation for Information Processing (IFIP).
Date of publication: 2011
Summary: In this paper the authors discuss the architecture of EJBCA, the installation procedure for EJBCA, and the roles of the EJBCA administrator. The system is divided into 4 roles:
1. Super Admin
2. CA Admin
3. RA Admin
4. Supervisor

Roles of the System
Super Admin, CA Admin, Supervisor, RA Admin

PAPER 2:
Title: Survey of EJBCA and OPENCA Certificate Authority Systems.
Authors: Ayesha Ishrath Ghori and Asra Parveen
Published in: IJCSE
Date of publication: 2006
Summary: In this paper the authors present a comparative analysis of two leading certificate authorities, EJBCA and OPENCA.

Snapshots
Starting up the JBOSS
Browse to localhost:8080 page
Authentication
JBOSS Running
Deployment of EJBCA.EAR
Browsing to localhost:8080/ejbca home page
EJBCA Admin Web Page
Default End Entity Certificate
RootCA
Subordinate CA
End Entity certificate
Adding of End Entity Certificate
P12 file
Displaying Certificate in EJBCA Admin page
Updated CRL status for Default Management CA
Configuring OPENCA

What's Next?
Generating the certificates in OpenCA.
Comparing both the open source software in terms.
Listing out the comparison for both EJBCA and OPENCA.
Deciding which platform is good to build the advanced features over.

Conclusion
The trust between two parties and digital signatures are reinforced by the components of public key infrastructure.
The two Certificate Authorities EJBCA & OpenCA are providers for various clients, both individual and business clients.
EJBCA has been installed and the certificates have been generated successfully.
EJBCA provides automatic CRL updates.

References
[1]. A Practical Approach for Implementation of Public Key Infrastructure for Digital Signatures by M. Indra Sena Reddy, P.J. Bhat, Rajeev Chetwavani and K. Subba Reddy, IIJEA in 2011
[2]. www.ejbcawiki.org
[3]. www. Openca pki.org
[4]. http://majic.rs/book/free-software-x509-cookbook/setting-up-ejbca-as-certification-authority
[5]. http://ejbca.org/older_releases/ejbca_4_0/htdocs/userguide.html

THANK YOU