We give a technical overview of the processes of creating a certificate and operating a Certification Authority.
We shall discuss here the software needed to create a usable Certification Authority.
The following software can provide the collective functionality of a Certification Authority.
For the Certification Authority Server, any operating system can be used. If it communicates manually with the Registration Authority (for example, data files are transferred using a floppy disk), it does not even need network support. However, it is recommended to use an operating system that provides some assurance of stability and from which irrelevant system or network services can easily be removed. We recommend Unix™ or Unix™-like operating systems.
SSL/TLS software
WWW server with SSL/TLS support
LDAP server
Text/Graphical Interface, possibly in Java/HTML
The PKIX standards neither suggest nor forbid the use of a WWW server for the role of a CA/RA. To remove the need to create standalone network applications for both the CA and RA, it is possible to use individual WWW servers operated by designated Operators.