KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators...

KISTI Grid CA Operation

KISTI Supercomputing Center

Sangwan Kim, Soonwook Hwang

CA Operators Contact: [email protected]

Jan. 8, 2007

Subscriber

CA Operator

RA

CA machine(off-line)

Web Server(s)(with Virtual Host configuration)

http://www.ontooniverse.com/pro/character.asp?program_id=A1999-0296


http://images.google.co.kr/imgres?imgurl=http://www.ars.usda.gov/is/kids/nutrition/story4/smileycomputer.gif&imgrefurl=http://www.ars.usda.gov/is/kids/nutrition/story4/internet.htm&h=201&w=203&sz=14&hl=ko&start=29&tbnid=oH_2l6pBPtDBeM:&tbnh=104&tbnw=105&prev=/images%3Fq%3Dcartoon%2Bcomputer%26start%3D20%26ndsp%3D20%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN

http://images.google.co.kr/imgres?imgurl=http://www.tarox.de/images/pressefotos/server-systeme/parx_tower_5.jpg&imgrefurl=http://www.tarox.de/presse/pressefotos_server-systeme.php%3Fcat%3Dnews_press%26pid%3D65&h=1181&w=1181&sz=153&hl=ko&start=2&tbnid=XqUONx14y4iFYM:&tbnh=150&tbnw=150&prev=/images%3Fq%3Dserver%26ndsp%3D21%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN

http://images.google.co.kr/imgres?imgurl=http://www.setonhs.org/Departments/CIT/images/cartoonComputer2.gif&imgrefurl=http://www.setonhs.org/Departments/CIT/citweb.htm&h=145&w=175&sz=7&hl=ko&start=31&tbnid=xkCWQsHufgHs7M:&tbnh=83&tbnw=100&prev=/images%3Fq%3Dcartoon%2Bcomputer%26start%3D20%26ndsp%3D20%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN

http://images.google.co.kr/imgres?imgurl=http://www1.istockphoto.com/file_thumbview_approve/377962/2/istockphoto_377962_locked_gate.jpg&imgrefurl=http://www.istockphoto.com/imageindex/377/9/377962/Locked_gate.html&h=380&w=311&sz=42&hl=ko&start=3&tbnid=A3_goF0cqv0XPM:&tbnh=123&tbnw=101&prev=/images%3Fq%3Dcartoon%2Block%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko

Subscriber

CA Operator

RA



1 The subscriber download ‘User Application Form’ from the web site and fill the form.







http://images.google.co.kr/imgres?imgurl=http://www.elfrida.com/images/application.gif&imgrefurl=http://www.elfrida.com/jobs.htm&h=224&w=169&sz=3&hl=ko&start=1&tbnid=tzwJ_JmlTYBp5M:&tbnh=108&tbnw=81&prev=/images%3Fq%3Dcartoon%2Bapplication%2Bform%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko

Subscriber

CA Operator

RA



UserApplication

Form

Face-to-FaceMeeting

2








Subscriber

CA Operator

RA



3

PIN#

RA’s Signature

Get a PINnumber

PIN#

UserApplication

Form

Face-to-FaceMeeting

PIN#

The RA gets a PIN number from the CA server.PIN number requests can be done with RA privilege.The RA write down the PIN# in the application form of the user and sign the form.







Subscriber

CA Operator

RA



PIN#

PIN#

PIN#

RA’s Signature

FAX the applicationform to the CA

4






http://images.google.co.kr/imgres?imgurl=http://www.thisisarecording.com/telephoneimages/fax1t.gif&imgrefurl=http://www.thisisarecording.com/telephoneimages/images12.shtml&h=94&w=94&sz=4&hl=ko&start=15&tbnid=S1iMT093XgTVZM:&tbnh=80&tbnw=80&prev=/images%3Fq%3Dcartoon%2Bfax%2Bmachine%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko


http://images.google.co.kr/imgres?imgurl=http://www.sc.edu/library/socar/mpc/images/lardner.gif&imgrefurl=http://www.sc.edu/library/socar/mpc/lardner.html&h=173&w=191&sz=14&hl=ko&start=50&tbnid=zA1KmOQvJWNE2M:&tbnh=93&tbnw=103&prev=/images%3Fq%3Dcartoon%2Bsignature%26start%3D40%26ndsp%3D20%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN


Subscriber

CA Operator

RA



PIN#

PIN#

PIN#

RA’s Signature

The CA checks the PIN#and RA’s Signature

5









Subscriber

CA Operator

RA



PIN#

PIN#

PIN#

RA’s Signature

If required, the CA may contact to the RA if the RA has really signed the

application form.

6

http://images.google.co.kr/imgres?imgurl=http://www.bradfitzpatrick.com/stock_illustration/images/cartoon_phone_01.jpg&imgrefurl=http://www.bradfitzpatrick.com/stock_illustration/cartoon_phone_01.htm&h=180&w=240&sz=9&hl=ko&start=1&tbnid=EKMrPF2b3IW5gM:&tbnh=83&tbnw=110&prev=/images%3Fq%3Dcartoon%2Bphone%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko









Subscriber

CA Operator

RA



PIN#

PIN#

The CA make a WACC for the user.WACC is protected by PIN#.

(PIN# is a password)

PIN#

PIN#

RA’s Signature

* WACC: Web-Access Client Certificate

PIN#

WACC

7








http://images.google.co.kr/imgres?imgurl=http://www1.istockphoto.com/file_thumbview_approve/257133/2/istockphoto_257133_key_2_success.jpg&imgrefurl=http://www.istockphoto.com/imageindex/257/1/257133/Key_2_Success.html&h=285&w=380&sz=17&hl=ko&start=2&tbnid=ttV_PglNdb62GM:&tbnh=92&tbnw=123&prev=/images%3Fq%3Dcartoon%2Bkey%26ndsp%3D21%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN


PIN#

WACC

Subscriber

CA Operator

RA



PIN#

PIN#

PIN#


Register the WACC informationin the lookup database

of the web server.

8








Subscriber

CA Operator

RA



PIN#

PIN#

The CA send the WACCto the User by normal e-mail.

(The WACC is protected by PIN#)

PIN#


PIN#

WACC

9






http://images.google.co.kr/imgres?imgurl=http://www.ak-pa.org/images/email.gif&imgrefurl=http://www.ak-pa.org/&h=173&w=186&sz=9&hl=ko&start=16&tbnid=KfcadAuoLpkVsM:&tbnh=95&tbnw=102&prev=/images%3Fq%3Demail%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko

http://images.google.co.kr/imgres?imgurl=http://www.mainenature.org/images/email_cartoon.gif&imgrefurl=http://www.mainenature.org/&h=364&w=333&sz=7&hl=ko&start=27&tbnid=sfJr_9EujUOFYM:&tbnh=121&tbnw=111&prev=/images%3Fq%3Dcartoon%2Be-mail%26start%3D20%26ndsp%3D20%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN



Subscriber

CA Operator

RA



PIN#

PIN#

PIN#


PIN#

WACC

The Subscriber can decrypt the WACC using his PIN#.He installs the WACC in his web browser.

10








Subscriber

CA Operator

RA



PIN#

* CSR: Certificate Signing Request

WACC

The subscriber access the online CSR website with the WACC.This communication is protected with HTTPS with client authentication.

Internet

The web server authenticate the clientusing the WACC information received from the client,

and compare it with the lookup database,to check if the WACC is valid one or not.

11

HTTPS







http://images.google.co.kr/imgres?imgurl=http://www.ddpsi.com/cloud.jpg&imgrefurl=http://www.ddpsi.com/DDPSIKofax.htm&h=207&w=397&sz=10&hl=ko&start=8&tbnid=qvIcr2yhy-ISHM:&tbnh=65&tbnw=124&prev=/images%3Fq%3Dinternet%2Bcloud%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko


Subscriber

CA Operator

RA



PIN#


WACC

The Subscriber uploads his CSRto request for the CA to sign the CSR.

CSR

12

HTTPS








http://images.google.co.kr/imgres?imgurl=http://www.thepostcard.com/walt/comic/cmc38.gif&imgrefurl=http://www.thepostcard.com/walt/comic/comic1.htm&h=158&w=256&sz=19&hl=ko&start=56&tbnid=so3_3d2fUN3DEM:&tbnh=69&tbnw=111&prev=/images%3Fq%3Dcartoon%2Bcard%26start%3D40%26ndsp%3D20%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko%26sa%3DN

Subscriber

CA Operator

RA



PIN#WACC

The subscriber sends a notification e-mail to the CAafter uploading the CSR.

CSR


13











http://images.google.co.kr/imgres?imgurl=http://www.fs.fed.us/newcentury/images/alarm_clock.gif&imgrefurl=http://www.fs.fed.us/newcentury/NCS_projects.htm&h=171&w=149&sz=4&hl=ko&start=1&tbnid=j5nUbgq4Kr548M:&tbnh=100&tbnw=87&prev=/images%3Fq%3Dcartoon%2Balarm%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko

Subscriber

CA Operator

RA



PIN#WACC

CSR

The CA get the CSR from the web server,and sign it to make a certificate.

Certificate

14







http://images.google.co.kr/imgres?imgurl=http://www.netbizsolutions.com/internet-advertising-consultancy-graphics/internet-advertising-guru-cert.jpg&imgrefurl=http://www.netbizsolutions.com/&h=570&w=736&sz=47&hl=ko&start=19&tbnid=jsV6xUjnljwp2M:&tbnh=109&tbnw=141&prev=/images%3Fq%3Dinternet%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko



Subscriber

CA Operator

RA



PIN#WACC

The CA publish the certificatein the web server.

15









Subscriber

CA Operator

RA



PIN#

The CA operator send a notification e-mailto the subscriber after issuing a certificate.

16










http://images.google.co.kr/imgres?imgurl=http://www.fs.fed.us/newcentury/images/alarm_clock.gif&imgrefurl=http://www.fs.fed.us/newcentury/NCS_projects.htm&h=171&w=149&sz=4&hl=ko&start=1&tbnid=j5nUbgq4Kr548M:&tbnh=100&tbnw=87&prev=/images%3Fq%3Dcartoon%2Balarm%26svnum%3D10%26hl%3Dko%26lr%3D%26newwindow%3D1%26rls%3DGGLJ,GGLJ:2006-43,GGLJ:ko

Subscriber

CA Operator

RA



PIN#

The Subscriber get his certificatefrom the web server.

17

HTTPS








KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators...

Documents

Transcript of KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators...