PKI Components
Certificate Authority: A CA issues certificates to, and vouches for the authenticity of, entities.
Registration Authority: An RA is an administrative function that registers entities in the PKI.
End entity: An end entity is a user, such as an e-mail client, a web server, a web browser or a VPN gateway.
PKI HIERARCHY
[Figure: PKI hierarchy diagram with the labels Super Administrator, GMU CA, TOP CA, GMU PW RA, Administrator]
EJBCA
EJBCA is a fully functional Certificate Authority built in Java and based on J2EE technology. It is a robust, high-performance, component-based CA that is flexible and platform independent. EJBCA can be used standalone or integrated in any J2EE application.
EJBCA: Architecture
EJBCA Administration
- Create and initialize the Super Administrator
- Creating and configuring data sources
- Creating Publishers
- Creating Certificate Authorities
- Creating Registration Authorities
- Creating End Entities
- Creating CRLs
- Generating Certificates
OpenCA
- Linux based.
- Provides a choice of algorithms: des, des3, idea.
- Extensions provided: SKI and AKI.
- In addition to the PKI components of EJBCA, OpenCA also has a Registration Authority Operator.
OpenCA: Architecture
OpenCA Administration
- Initializing the Certification Authority
- Create the initial administrator
- Create the initial RA Certificate
- Submit a Certificate Request
- Approve the Certificate
- Issue the Certificate
- Importing the Root Certificate
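The same sequence (initialize the CA, submit a request, check it as an RA would, issue, then trust the root), shown as an added example with the openssl command line. It is not part of the original slides and is not OpenCA's or EJBCA's own tooling. The names Example Root CA and user.example.test, the file names and the helper functions key_id and run_flow are constructed for illustration; the issued certificate carries the SKI and AKI extensions mentioned above.

```sh
#!/bin/sh
# Added example; all names (Example Root CA, user.example.test) are constructed.
set -eu

# Print a certificate's 20-byte key identifier. $1 = file, $2 = Subject | Authority
key_id() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 "X509v3 $2 Key Identifier" |
        grep -Eo '([0-9A-F]{2}:){19}[0-9A-F]{2}'
}

# Run the whole flow inside directory $1 (subshell, so the caller's cwd is kept).
run_flow() (
    cd "$1"
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_user]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
    # CA: initialize with a self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config pki.cnf -keyout ca.key -out ca.pem 2>/dev/null
    # End entity: generate a key pair and submit a certificate request.
    openssl req -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=user.example.test" -keyout user.key -out user.csr 2>/dev/null
    # RA: check the request's self-signature (proof of key possession).
    openssl req -in user.csr -noout -verify -config pki.cnf 2>/dev/null
    # CA: issue the certificate with the SKI and AKI extensions.
    openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -set_serial 1 -days 7 \
        -sha256 -extfile pki.cnf -extensions v3_user -out user.pem 2>/dev/null
    # Client: with the root imported as trust anchor, the chain validates.
    openssl verify -CAfile ca.pem user.pem >/dev/null
)

work=$(mktemp -d)
run_flow "$work"
echo "CA SKI: $(key_id "$work/ca.pem" Subject)"
echo "EE AKI: $(key_id "$work/user.pem" Authority)"
```

The two printed identifiers match: the AKI in the issued certificate points at the SKI of the CA that signed it, which is how a client picks the right issuer when several CA certificates share a name.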
User Certificate
Comparison
Parameters | EJBCA | OpenCA
Ease of Configuration | Very Complex | Complex
Confidentiality | Offers Confidentiality using encryption | Offers Confidentiality using encryption
Integrity | Offers Integrity by encryption | Offers Integrity by encryption
Authentication | Offers Authentication by Digital Signature | Offers Authentication by Digital Signature
Yes
Yes
Yes
Yes
No
Manual Free Yes Yes No
Platform Certificate Repositories Modules Components based Standalone Component Supported Browsers Scalability
EJB
Yes Present Multiple Good
Perl Modules
Yes Not Present Multiple Bad
Conclusion
- EJBCA is the simplest to use
- Complexity during installation
- Provides for automatic CRL updates
- OpenCA is the best for Linux users
- Manual revocations
- Both can be used by various clients