KISTI, Korea Institute of Science and Technology Information
KISTI Grid CA Operation
KISTI Supercomputing Center
Sangwan Kim, Soonwook Hwang
CA Operators Contact: [email protected]
Jan. 8, 2007
[Diagram: Subscriber, CA Operator, RA, CA machine (off-line), Web Server(s) (with Virtual Host configuration)]
1. The subscriber downloads the ‘User Application Form’ from the web site and fills in the form.
2. Face-to-Face Meeting (User Application Form)
3. The RA gets a PIN number from the CA server. PIN number requests can be done with RA privilege. The RA writes down the PIN# in the user's application form and signs the form.
4. FAX the application form to the CA.
5. The CA checks the PIN# and the RA’s signature.
6. If required, the CA may contact the RA to confirm that the RA has really signed the application form.
7. The CA makes a WACC for the user. The WACC is protected by the PIN# (the PIN# is a password).
* WACC: Web-Access Client Certificate
8. Register the WACC information in the lookup database of the web server.
9. The CA sends the WACC to the user by normal e-mail. (The WACC is protected by the PIN#.)
10. The subscriber can decrypt the WACC using his PIN#. He installs the WACC in his web browser.
11. The subscriber accesses the online CSR website over the Internet with the WACC. This communication is protected by HTTPS with client authentication. The web server authenticates the client using the WACC information received from the client and compares it with the lookup database to check whether the WACC is a valid one.
* CSR: Certificate Signing Request
12. The subscriber uploads his CSR over HTTPS to request that the CA sign it.
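The server-side checks in steps 8, 11 and 12, sketched as an added example that is not KISTI's own code. It assumes the "WACC information" kept in the lookup database is a SHA-256 fingerprint of the client certificate; the class, function and sample names are hypothetical.

```python
import hashlib
import ssl

# Constructed stand-ins for DER-encoded client certificates (not real certificates).
ALICE_WACC = b"constructed-der-bytes-for-alice-wacc"
UNKNOWN_CERT = b"constructed-der-bytes-never-registered"


def make_server_context(ca_file=None):
    """TLS context for the CSR site: the handshake fails without a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:  # hypothetical path to the CA certificate that signed the WACCs
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def fingerprint(der_cert):
    """SHA-256 over the DER bytes (assumed form of the stored WACC information)."""
    return hashlib.sha256(der_cert).hexdigest()


class WaccLookup:
    """Hypothetical in-memory stand-in for the web server's lookup database."""

    def __init__(self):
        self._subscriber_by_fp = {}

    def register(self, der_cert, subscriber):
        """Step 8: the CA registers the WACC information."""
        self._subscriber_by_fp[fingerprint(der_cert)] = subscriber

    def authenticate(self, der_cert):
        """Step 11: return the subscriber for a registered WACC, else None."""
        if not der_cert:
            return None
        return self._subscriber_by_fp.get(fingerprint(der_cert))


def accept_csr(lookup, peer_der, csr_pem, pending):
    """Step 12: queue a CSR only when the TLS peer presented a registered WACC."""
    subscriber = lookup.authenticate(peer_der)
    if subscriber is None:
        return False  # passing the TLS handshake alone is not enough
    pending.setdefault(subscriber, []).append(csr_pem)
    return True
```

In a live server, `peer_der` would come from `SSLSocket.getpeercert(binary_form=True)` on the accepted connection.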
13. The subscriber sends a notification e-mail to the CA after uploading the CSR.
14. The CA gets the CSR from the web server and signs it to make a certificate.
15. The CA publishes the certificate on the web server.
16. The CA operator sends a notification e-mail to the subscriber after issuing a certificate.
17. The subscriber gets his certificate from the web server over HTTPS.