Faculty of information technology
Download 1.67 Mb. Pdf ko'rish
|
full thesis
- Bu sahifa navigatsiya:
- Entity Comes with in- stallation Created on start- up Comes after start-up
|
4.4.1
Certificate placement The entire security concept is based around combination of manual validation and X.509 certificates. Some of the certificates come with the application, some are created on start- up and still others are received during runtime. Table 4.4 shows for each entity, what certificates and keys will get into its possession at some point in time. Certificates and keys that begin with “CS_” are a special case. They are installed on CS during the installation process, but unlike DS certificate, they are added into the installation package by the administrator of the Customer Server. This is not the best way of importing own key pairs, but it is sufficient as a proof of concept. All “CS_” certificates are signed by CS_CA (where CS_CA is an exception – it is either self-signed, or signed by a third party CA). Each router will have 2 different key pairs of its own. When the user module is started for the first time (or when keys are deleted), it creates Router_TLS key and a self-signed 26 certificate. This key pair is then used for communication with DS and with CS. The other key pair it receives from the Customer Server and uses it only for OpenVPN. This key pair includes a certificate signed by CS_CA. Entity Comes with in- stallation Created on start- up Comes after start-up Router DS_crt Router_TLS_crt, Router_TLS_key Router_OVPN_crt, Router_OVPN_key, CS_CA_crt, CS_TLS_crt Customer Server CS_CA_crt, CS_CA_key, CS_OVPN_crt, CS_OVPN_key, CS_TLS_crt, CS_TLS_key, CS_WEB_crt, CS_WEB_key DS_crt Router_TLS_crt Dispatch Server DS_crt, DS_key CS_TLS_crt Table 4.4: Placement of keys and certificates. Download 1.67 Mb. Do'stlaringiz bilan baham: 
|