Background
Certificate Authority (CA)
From the SearchSecurity.com website (http://searchsecurity.techtarget.com/definition/certificate-authority), we find that:
A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor’s information, the CA can then issue a certificate.
Depending on the public key infrastructure implementation, the certificate includes the owner’s public key, the expiration date of the certificate, the owner’s name, and other information about the public key owner.
A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users’ public keys.
Further, Daniel Petri, in his paper on installing a Windows Server 2003 CA (http://www.petri.co.il/install_windows_server_2003_ca.htm), states:
Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.
User Digital Certificates are valid for different purposes, including:
• Allowing data on disk to be encrypted
• Protecting e-mail messages
• Proving the user’s identity to a remote computer and more.
Note: There may be scenarios where a company might opt to use 3rd party issued Digital Certificates instead of creating their own, especially when that company’s users will be dealing with out-of-the-company users, exchanging encrypted e-mail messages between themselves and these outside users, or when using SSL on a secured web site. This is because the outside users might not be willing to trust the company’s internal CA.
Learning Objectives
After completing this lab, you will have
o Practice logging into the NU-ISLE Environment
o Practice starting up and logging into a virtual machine
And, using OpenSSL, be able to
o Install required software as needed to develop a CA on a Windows 7 VM
  • Build a root certificate
  • Build a server certificate
  • Build client certificates for users
o Install required software as needed to develop a CA on a Linux Fedora VM
  • Build a root certificate
  • Build a server certificate
  • Build client certificates for users
CYB601 Lab-005
Time Required
2 hrs
Materials and Setup
You will need the following equipment:
o Computer running Windows 7 64-bit operating system and 64-bit Internet Explorer web browser
o 64-bit Java installed
o Internet connectivity
You will need the following instructions:
o Instructions for Installing OpenSSL in Windows 7
o Instructions for creating certificates in OpenSSL
(Be your own Certificate Authority–windows-v5.docx)
o CYB601 Lab-005 and Lab-006
Lab Steps
Following the NU-ISLE instructions
Step 1: Establish a VPN session
Step 2: Use VMware vSphere Client
Step 3: Open a console for your Windows 7 VM, start your VM and login
Step 4: Following the steps in Installing Windows OpenSSL CA, install a Windows CA and build both the required root and client certificates.
Step 5: Upload a ‘zip’ file of your myCA directory as “lastname-L5-myCA.zip” and your finished lab file into Week 3 Assignment Drop Box.
CYB601 Lab-006
Time Required
2 hrs
Materials and Setup
You will need the following equipment:
o Computer running Windows 7 64-bit operating system and 64-bit Internet Explorer web browser
o 64-bit Java installed
o Internet connectivity
o Linux VM
You will need the following instructions:
o Instructions for Installing OpenSSL in Fedora 18
o Instructions for creating certificates in OpenSSL
(Be your own Certificate Authority–linux-v3.docx)
o CYB601 Lab-005 and Lab-006
Lab Steps
Following the NU-ISLE instructions
Step 1: Establish a VPN session
Step 2: Use VMware vSphere Client
Step 3: Open a console for your Linux Fedora 18 VM, start your VM and login
Step 4: Following the steps in Instructions for creating certificates in Linux, build both the required root and client certificates.
Step 5: Upload a ‘zip’ file of your myCA directory as “lastname-L5-myCA.zip” and your finished lab file into Week 3 Assignment Drop Box.
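The three builds both labs call for (root, server and client certificates), sketched with the OpenSSL command line as an added example; it is not taken from the course's "Be your own Certificate Authority" instructions. The subject names, file names, key sizes and lifetimes are assumptions, and the last lines show that a certificate issued for client use is refused when presented as a server certificate.

```shell
#!/bin/sh
# Added example: root CA -> server and client certificates with OpenSSL.
# Subject names, file names, key sizes and lifetimes are constructed values.
umask 077                      # private keys readable by the owner only

build_ca() {                   # $1 = CA directory (myCA in the lab)
    mkdir -p "$1" || return 1
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    # Self-signed root. -nodes leaves ca.key unencrypted so the example runs
    # unattended; a real CA key should be passphrase-protected or kept offline.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ext.cnf" -extensions v3_ca \
        -subj "/O=Example Lab/CN=Example Lab Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {                 # $1 = CA dir, $2 = name, $3 = profile (server|client)
    # The subject generates its own key and a CSR; the CA then signs the CSR.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ext.cnf" \
        -subj "/O=Example Lab/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 \
        -extfile "$1/ext.cnf" -extensions "$3" -out "$1/$2.crt" 2>/dev/null
}

check_cert() {                 # $1 = CA dir, $2 = name, $3 = sslserver|sslclient
    # Verifies the CA signature, validity dates and intended purpose.
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

CA_DIR=$(mktemp -d)/myCA
build_ca "$CA_DIR" && issue_cert "$CA_DIR" www.example.test server &&
    issue_cert "$CA_DIR" alice client
check_cert "$CA_DIR" www.example.test sslserver && echo "server cert verifies"
check_cert "$CA_DIR" alice sslserver || echo "client cert refused as a server cert"
```

Relying parties need only `ca.crt`; `ca.key` never has to leave the CA directory.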