Research And Implementation Of The LDAP-based CA Certification

With the rapid development of Internet, there is an increasing number of network security applications based on directory services. The requirements of the safety and efficiency on directory services are also rising. So in order to meet a variety of network services security needs, the security certification mechanism must be further improved urgently. LDAP (Lightweight Directory Access Protocol) is an open industry standard directory protocol based on X.500 and TCP/IP, with simple, flexible and powerful features. It offers a common format and method to store and access information, and uses the same way to name, describe and designate users and resources within the scope of an authority, with the result that simplified communication and management. In this paper, after understanding and analysis of the principles of PKI and CA (Certificate Authority) certification system, combining the characteristics of LDAP directory access model and the functional requirements of domain-oriented software production platform, a LDAP-based CA certification system is designed and implemented.Firstly, this paper conducts the thorough research about related technologies, as CA certification technology and LDAP Directory Access model, points out the existing problems in traditional unify security certification course, and analyzes the root causes of these problems. Then, according to the design requirements of domain-oriented software production platform, it puts forward CA-based certification system and the LDAP directory service structure, and analyzes the security mechanism of the LDAP-based CA security certification system. Ground on the original architecture of the platform, it designs LDAP directory service architecture and CA Certification system, while providing related interfaces of the LDAP and CA adapters. Finally, the system is deployed in the platform, and an example is given to verify the integrity of the system.The LDAP-based security certification system in this paper is in charge of security certification and personnel organization structure management in the platform. Using LDAP directory service to design the personnel organization structure makes the established CA certification system and the platform integrated organically. It is better in simplicity, flexibility and extendibility.