SRCE.CA Self Audit Overview and Organization Insights

"Discover the thorough self-audit findings and organizational structure of SRCE Computing Centre through this detailed overview. Explore certificates, system architecture, CP/CPS updates, and more."

  • SRCE Computing
  • Self Audit
  • Certificates
  • System Architecture
  • Organization

Presentation Transcript


  1. SRCE CA Self Audit. Emir Imamagic, University Computing Centre (Srce)

  2. Overview
     • SRCE CA
     • Self Audit
     • Conclusion

  3. Overview
     • Established in May 2006
     • Certificates for the Croatian academic and research community
     • Public web site: http://ra.srce.hr
     • Email address: srce-ca@srce.hr
     • Approved by EUGridPMA in July 2006
     • Classic AP 4.0

  4. Organization
     • CA & RA @ SRCE
       • three staff members: Tomislav Stilinovic, Emir Imamagic, Dobrisa Dobrenic
     • One lightweight RA: ETFOS (Faculty of Electrical Engineering in Osijek, Croatia), Goran Martinovic

  5. System Architecture
     • OpenCA version 1.5.1
       • online part integrated with Croatian AAI infrastructure AAI@EduHr
     • Online interface (RA)
       • used by EE for certificate requests
       • used by RAs for request confirmations
       • deployed on dedicated server
     • Offline signing machine (CA)
       • machine kept in safe, accessible to CA staff only
       • data transfer achieved via USB
       • data backup performed after each operation

  6. Certificates
     • Total: 1196 certificates
       • Host: 491
       • User: 705
     • Valid: 83 certificates
       • Host: 24
       • User: 59
     • Revoked: 23 certificates
       • retired machines
       • forgotten passphrase
       • accidentally deleted private keys

  7. CP/CPS Updates
     • Version 1.1, November 20th 2009
       • updated EE & CA extensions
       • made compliant with Grid Certificate Profile
     • Version 1.3, May 14th 2010
       • updates after the first self audit
     • Version 1.4, Aug 8th 2015
       • updates after the second self audit
       • unfortunately not published

  8. Self Audit

  9. Versions
     • Guidelines for auditing Grid CAs, version 1.1, October 28th 2010
     • Authentication Profile for Classic X.509 Public Key Certification Authorities with secured infrastructure, version 4.4
     • SRCE CA CP/CPS, version 1.4, Aug 8th 2015

  10. Summary
     • Total number of items: 67
     • Marks: C: 0, B: 1, X: 1, A: 65
     • Marks in previous self audit (2015): C: 1, B: 1, X: 1, A: 64

  11. CP/CPS: B - 1.6
     • Item description: The CP/CPS documents should be structured as defined in RFC 3647.
     • Status: CP/CPS is structured as defined in RFC 2527.
     • Solution: Currently we do not have resources to perform such a major update. Current CP/CPS defines well our practices. We can consider updating in future if strongly requested from PMA and Relying Parties.

  12. End Entity Certificates and Keys: X 7.41
     • Item description: Certificates associated with a private key residing solely on hardware token may be renewed for a validity period of up to 5 years (for equivalent RSA key lengths of 2048 bits) or 3 years (for equivalent RSA key lengths of 1024 bits).
     • Comment: CA does not support keys residing on hardware tokens.

  13. Conclusion & Final Remarks
     • SRCE CA operates in a stable manner for 12 years
     • Number of certificates decreasing
     • planning to decommission grid services in 2018
     • Publish CP/CPS version 1.4
     • Changes related to GDPR compliance
     • SHA-2 CA certificate?

  14. Thank You! Questions?
     • eimamagi@srce.hr
     • www.srce.unizg.hr
