
NITTE MEENAKSHI INSTITUTE OF TECHNOLOGY

GOVINDAPURA, GOLLAHALLI, YELAHANKA, BANGALORE-560064
DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING

Project Phase-3
Seminar On

Public Key Infrastructure (PKI) Administration Using EJBCA and OpenCA Certifying Authority Systems

External Guide:
Mr. Praveen D Ampatt
Senior Technical Officer,
CDAC

Presented By:
Vinay C
M.Tech 4th Sem (CNE)
Dept. of ISE, NMIT

Internal Guide:
Mrs. Vidyadevi G Biradar
Assoc. Prof., Dept. of ISE, NMIT

OUTLINE
1. Introduction
2. Problem Statement
3. Objective
4. Literature Survey
5. Snapshots
6. Conclusion
7. References

INTRODUCTION
With the globalization of e-commerce, everything is digital and is done online.

It is not enough just to transfer documents from one person to another; the transfer must also ensure that the document retains its integrity, confirm the authenticity of the sender, and provide privacy.

To maintain integrity and confidentiality, public key infrastructure (PKI) is introduced. PKI provides robust and rigorous security measures to protect user data and credentials.

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

It provides the basic security required for secure communication so that users who do not know each other can communicate securely through a chain of trust.

A PKI consists of the following components:

1. Certificate Authority (CA)
2. Registration Authority (RA)
3. Security policy
4. Certificate Repository and distribution system
5. End entity

Certificate Hierarchy

[Figure: certificate hierarchy, with the Root CA at the top, Sub CAs below it, and End Users at the leaves]
Simple PKI Model

Subscriber: provides proof of identity
Registration Authority: verifies the subscriber's identity
Certificate Authority: issues the certificate and posts it in the repository
Repository

Security Service of PKI

There are 4 main issues that PKI deals with:

1. Data Integrity
2. Confidentiality
3. Identification and Authentication
4. Non-repudiation

OpenSSL
OpenSSL is an open source tool for using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for Web authentication.

SSL is a secure protocol developed for sending information securely over the Internet.

TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.

TLS is the successor to the Secure Sockets Layer (SSL).

The library includes tools for generating RSA private keys and certificate signing requests, computing checksums, managing certificates, and performing encryption/decryption.
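
The certificate hierarchy from the earlier slide (Root CA, Sub CA, end user), built and validated with the OpenSSL tools listed above. This is an added example, not part of the original presentation; the subject names, file names, key size and lifetimes are constructed for the demo.

```shell
#!/bin/sh
# Added example: Root CA -> Sub CA -> end user built with the openssl CLI.
new_csr() {  # $1 = file prefix, $2 = common name: RSA key + signing request
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
sign() {  # $1 = subject prefix, $2 = issuer prefix, $3 = extension section
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$3" -days 30 -sha256 -out "$1.crt" 2>/dev/null
}
build_chain() (  # $1 = empty working directory; body runs in a subshell
  cd "$1" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
  # Self-signed root, a subordinate CA, an end-user certificate, and finally a
  # "bogus" certificate signed with the end user's key (which is not a CA).
  openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions v3_ca \
    -subj "/CN=Demo Root CA" -days 30 -sha256 -keyout root.key -out root.crt \
    2>/dev/null &&
  new_csr sub "Demo Sub CA" && sign sub root v3_ca &&
  new_csr user "Demo End User" && sign user sub v3_leaf &&
  new_csr bogus "Demo Bogus" && sign bogus user v3_leaf
)
chain_ok() (  # $1 = directory, $2 = leaf prefix, $3... = intermediate prefixes
  cd "$1" || exit 1
  leaf=$2; shift 2; args=""
  for i in "$@"; do args="$args -untrusted $i.crt"; done
  # Only root.crt is trusted; intermediates are supplied as untrusted input.
  openssl verify -CAfile root.crt $args "$leaf.crt" >/dev/null 2>&1
)

dir=$(mktemp -d)
build_chain "$dir" || { echo "openssl failed" >&2; exit 1; }
chain_ok "$dir" user sub       && echo "end user via Sub CA: trusted"
chain_ok "$dir" user           || echo "end user without Sub CA: rejected"
chain_ok "$dir" bogus sub user || echo "issued by a non-CA end user: rejected"
```

The last check is the one that enforces the hierarchy: the signature on the bogus certificate is valid, but validation rejects it because its issuer carries `CA:FALSE` and lacks `keyCertSign`.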

Enterprise Java Beans Certificate Authority (EJBCA)

EJBCA is a free open source software PKI Certificate Authority.

It is based on JEE5 Technology.
It is flexible and platform independent.
Enterprise JavaBeans are components that execute within an EJB container, under the supervision of an application server (JBOSS).

EJBCA architecture consists of four parts:
1. Client
2. Web Tier
3. EJB Tier
4. Data Tier

Fig: Architecture of EJBCA

OpenCA
OpenCA is an open source collaborative effort to create a public key infrastructure.
It is Linux based.
It is not a complete monolithic system.
It is based on many open-source projects. The required software includes OpenLDAP, OpenSSL, Apache Project, and Apache mod_ssl.

Fig: OpenCA PKI Architecture

EJBCA and OPENCA Software Requirements

EJBCA
OpenJDK 7
Apache Ant 1.8
JBOSS Application Server 7.1.1
Install EJBCA 6.0.3

OPENCA
OpenLDAP
OpenSSL
Apache server
Apache mod_ssl

Problem Statement
PUBLIC KEY INFRASTRUCTURE (PKI)
ADMINISTRATION USING EJBCA AND OPENCA
CERTIFICATE AUTHORITY SYSTEM

Objectives

To provide a complete comparative study of both OPENCA and EJBCA open source software.

Literature survey

PAPER 1:
Title: Research and application of EJBCA based on J2EE
Author: Liyi Zhang, Qihua Liu and Min Xu
Published in: The International Federation for Information Processing (IFIP).
Date of publication: 2011
Summary: In this paper the authors discuss the architecture of EJBCA, the installation procedure for EJBCA, and the roles of the EJBCA administrator.
The system is divided into 4 roles:

1. Super Admin
2. CA Admin
3. RA Admin
4. Supervisor

[Figure: Roles of the System: Super Admin, CA Admin, RA Admin, Supervisor]

PAPER 2:
Title: Survey of EJBCA and OPENCA Certificate Authority Systems.
Author: Ayesha Ishrath Ghori and Asra Parveen
Published in: IJCSE
Date of publication: 2006
Summary: In this paper the authors present a comparative analysis of two leading certificate authorities, EJBCA and OPENCA.

Snapshots

Starting up the JBOSS

Browse to localhost:8080 page

Authentication

JBOSS Running

Deployment of EJBCA.EAR

Browsing to localhost:8080/ejbca home page

EJBCA Admin Web Page

Default End Entity Certificate

RootCA

Subordinate CA

End Entity certificate

Adding of End Entity Certificate

P12 file

Displaying Certificate in EJBCA Admin page

Updated CRL status for Default Management CA

Configuring OPENCA

What's Next?
Generating the certificates in OpenCA.
Comparing both the open source software in terms.
Listing out the comparison for both EJBCA and OPENCA.
Deciding which platform is good to build the advanced features on.

Conclusion
The trust between two parties and the digital signature are reinforced by the components of public key infrastructure.

The two Certificate Authorities, EJBCA and OpenCA, are providers for various clients, both individual and business clients.

EJBCA has been installed and the certificates have been generated successfully.
EJBCA provides automatic CRL updates.


THANK YOU
