Research And Implementation Of Campus Network's Certification Authority Based On EJBCA

Considered stemming from the commercial interest that, the commercial CA pass healthy technology is not usually public, in the commercial CA key production process, uses content users and so on encryption algorithm and security intensity with difficulty understood generally and clarifies.In order to enable non-commercialized CA to have the usability, gave one to open the source CA—"EJBCA"."EJBCA"the software has nimbly, based on the module architecture, establishes above the J2EE 1.3(EJB2.0) standard.The software may alone move also may integrate it in any J2EE application.Software support establishment multistage CA, many CA different analysis situs pattern.Software after installment, disposition, also has based on the Web management contact surface operation, also available carries on the management based on the command line way, but also has the support script other functions."EJBCA"follows X.509 and PKIX(RFC3280) standard, the software has LGPL to open the source to permit that, the LGPL permission commercial software uses a LGPL kind of storehouse through the kind of storehouse quotation way, but does not need to operate the source commercial software the code.This causes to use the LGPL agreement to open the source code to be possible by the commercial software to take a kind of storehouse quotes and issues and the sale.This article first to"EJBCA"the movement, the management, the frame model has made the analysis and the research, and according to its needed the software to make the build and the realization, right"EJBCA"involved the crypto-algorithm and the security have done the research and the discussion.Then proposed optimizes the software with the revision the way to have custom-made garden area special-purpose PKI, satisfies campus network each kind of application the safety requirement.The paper analyzed in systematically the software CRL, OCSP, the key restored and so on the main function the source code, has studied the logical level and the data level connection thoroughly, realized the user status registration, the certificate application, the certificate has issued, the certificate management, the certificate abolishes, the Email notice and garden area PKI services and so on LDAP information issue.The article also introduced uses the source software to have custom-made the local CA authentication center the method, elaborated in detail in view of the campus information different application security requirements the construction independent PKI related strategy, and designed a PKI application plan to be possible to supply the reference.Finally uses most widespread IIS, the Tomcat server platform on the current WWW service in, to the newborn enrollment information issued and the digital library use exists the security problem gives the solution.This research use the mainstream technology JSP environment software, domestic studies the PKI technology and the product development now regarding at present has the model significance.