Usage:

Please first press three or four times [Ctrl]-[+] to resize the layout.

Clicking into the right top corner (page number area) jumps to the next page.

Clicking into the left top corner (slot logo area) jumps to the previous page.

Here we go.

For printing the contents simply use the print function of your browser.

Preparation (homework given in lecture)

Monday

Select a computer of your choice. Use the same computer for all steps below.
Make sure that you are the only user of this computer.
This includes physical protection against theft and loss as well as configurational protection by choosing safe passwords, configuring a crypto file system and a desktop firewall and so on.
Choose a WWW browser and an e-mail program of your choice.
If you select programs using a common certificate store (e.g. Outlook + Internet Explorer or Seamonkey + Seamonkey) it will make life easier later.
Open the WWW browser configuration and establish a safe master password.
Firefox: Bearbeiten or Extras | Einstellungen | Sicherheit | Check: Master-Passwort verwenden.
A German language guide for following steps can be found on https://www.uni-muenster.de/WWUCA/info/request-x509-person.html.
Open the WWW browser and go to ca.wwu.de.
You will be forwarded to a web page where you can request and search for certificates.

. . .

Select Nutzerzertifikat, fill in the form, and click on Weiter.
Please enter only e-mail addresses ending in @uni-muenster.de, not those ending in @wi.uni-muenster.de. Use only lowercase letters, no uppercase letters. You may set up an automatic e-mail forwarding from the @uni-muenster.de address to the @wi.uni-muenster.de address using https://sso.uni-muenster.de/MeinZIV/?action=forward_page if you like.
Check all your data, then click on Bestätigen.
Perhaps after some check-backs depending on the WWW browser used (always select the highest security level resp. bit count) and/or password queries, a key pair is generated now by your browser. The private key is invisibly stored on your disk. The public key is sent together with your personal data to the WWUCA.
If you own a smartcard reader and a smartcard (or an eToken) with the corresponding driver software, you are asked and can select that device for generating and storing your private key for even more security.
On the next page click on Zertifikatantrag anzeigen.
A PDF file is downloaded and opened. Print this file, manually fill in the blank lines of the form and sign it.
You can even manually add further e-mail addresses, but limit yourself to @uni-muenster.de addresses.
Take the signed form and your identity card or passport and meet a WWUCA team member in person during the tuesday lecture.
If you miss this date, see the WWUCA contact web page for how to meet a WWUCA team member.

. . .

Tuesday

The director of the WWUCA will explain certificates and the WWUCA (in German).
A WWUCA team member is present at the tuesday, accepts your signed form and checks your identity.

Later

You'll receive an e-mail with your certificate and a link. Open the link with the same browser instance and click on the button displayed. The certificate will be merged with your private key.
Now you can export certificate and private key into a PKCS#12 file (*.p12, *.pfx) and import them into other browsers, e-mail programs etc.

ca. 30 Min.

Certificates and e-mail

Rainer Perske
Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Zertifizierungsstelle
Röntgenstraße 7-13
48149 Münster
ca@uni-muenster.de
+49 251 83 31590 (fon)
+49 251 83 31555 (fax)

Certificate (simplified example)

Public Key: Algorithm RSA, Exponent 65537; Modulus e3 d2 10 ... 50 4a 85
Subject (certificate owner): CN=Rainer Perske, O=Universitaet Muenster, C=DE
Issuer (certification authority): CN=Zertifizierungsstelle, O=Universitaet Muenster, C=DE
Serial number: 13:95:13:C7:CD:EA:2E; version: 3 (has extensions)
Valid from 2012-03-30 11:17:11 UTC to 2015-03-30 11:17:11 UTC
Extension: Usage: signing, key encryption (for mail, TLS, Smartcard-Login), but not as CA
Extension: Alternative names: E-Mail perske@uni-muenster.de, Login: perske (uni-muenster.de)
Signature for all data above, created with the private key of the certification authority:
Algorithm: PKCS #1 SHA-1 with RSA, value: 81 5c 3e ... a8 eb 40
The certificate does not contain the owner's private key!

Certification hierarchy

The certificate of Rainer Perske is signed by the Zertifizierungsstelle der Universität Münster
(WWU Certification Authority, WWUCA)
The WWUCA is an intermediate CA because ...
The certificate of the WWUCA is signed by the DFN Public Key Infrastructure (DFN-PKI) “Global” CA
(DFN = Deutsches Forschungsnetz = German Research Network)
The DFN-PKI “Global” CA is an intermediate CA because ...
The certificate of the DFN-PKI “Global” CA is signed by the “Deutsche Telekom Root CA 2”
The “Deutsche Telekom Root CA 2” is a root CA because ...
The certificate of the “Deutsche Telekom Root CA 2” is signed by itself.

Rainer Perske ⇐ WWUCA ⇐ DFN-PKI “Global” CA ⇐ “Deutsche Telekom Root CA 2”

Why do we use this hierarchy with DFN-PKI “Global”?

The “Deutsche Telekom Root CA 2” certificate is part of nearly all browsers and e-mail programs
Thus nearly all e-mail programs can check our e-mail signatures automatically
and all browsers accept our server certificates automatically
Recipients of our e-mails or users connecting to our servers do not receive boring warnings
Demo: Firefox: Edit the CA certificate of “Deutsche Telekom Root CA 2”

WWUCA

3 staff members (at ZIV) + 6 further team members (spread over WWU and UKM)
I spend about 10 % of my time for the WWUCA, all others far less.
X.509 certificates issued by the WWUCA (all in the DFN-PKI “Global” hierarchy):
valid certificates: ca. 800: 440 server, 340 user, 10 code signing, 10 team member
issued certificates per year: ca. 120 personal and 90 server certificates and 40 revocations
Other DFN-PKI hierarchies:
DFN-PKI “Classic” (not in browsers) discontinued, replaced by “Global“
DFN-PKI “Basic” (relaxed identity check; not in browsers) not supported (no demand)
DFN-PKI “Grid” (for scientific grid computing) is supported (but not as distinct CA)
DFN-PKI “SLCS“ (Short-Lived Credential Service) not supported (no demand)
OpenPGP discontinued: Less than 15 certificates per year

DFN PKI

Service of the German Research Network provided by DFN CERT GmbH in Hamburg
6 full time team members operate and develop DFN-PKI
- 5 X.509 hierarchies with different policies (“Classic”, “Global“, “Basic”, “Grid”, “SLCS“)
- 300+ outsourced subordinate CAs of DFN e.V. members (incl. WWUCA)
- OpenPGP discontinued due to lack of demand
No additional costs: DFN PKI service is part of the DFN Internet service
- WWU + UKM + KA + FH + MPI together pay 250.000 €/a for 2×2 GBit/s cluster connectivity

Requesting a user certificate

Generate a key pair
Upload public key + personal data, signed with the private key, to the WWUCA
Print the application form containing the fingerprint of the public key and further data
All above in one step: http://ca.wwu.de ⇒ Nutzerzertifikat
Sign the form and thus declare that the public key is really yours
Hand out the form to a WWUCA team member, presenting your identity card
The WWUCA never sees your private key (is no »trust center«)

Keeping your private key safe

Beneath all usual measures to protect computer and password
Use dedicated browser instance / virtual machine for sensitive applications
Always protect your private key by encrypting with a password resp. PIN
(master password in Firefox, encryption password for PKCS#12 files)
Always encrypt the medium containing your private key, too.
For authentication purposes, better use hardware device (smartcard, eToken, nPA) with a PIN.
- (But think twice for e-mail purposes: you cannot read old e-mails any longer if you loose your private key)
Always keep in mind: Your private key is only needed when signing and when decrypting, never else.
Get paranoid. Even more paranoid. “Social Engeneering” is the most successful way of attacking.

Certification process (1)

The WWUCA team member:
- strictly obeys Certificate Policy (CP) and Certification Practice Statement (CPS)
  (Rules for security, target audience, privacy, methods, archiving, contents, life times, revocations etc.)
  CP: https://www.pki.dfn.de/fileadmin/PKI/DFN-PKI_CP.pdf
  CPS: https://www.pki.dfn.de/fileadmin/PKI/DFN-PKI_CPS.pdf
- checks all aspects of your request (perhaps applies corrections or rejects)
- compares the fingerprint on the form with that of the public key
  (thus the WWUCA knows the public key with the given fingerprint is yours)
- (electronically) signs a confirmation message to the certification server
- (manually) signs and archives your request form

Certification process (2)

The DFN PKI certification server in Hamburg automatically:
- checks the signature of the message and the accreditation of the signer
- checks conformance of the request (only our domains? etc.)
- creates the certificate
- mails the certificate to the requester
- publishes the certificate via LDAP (if requested)
  - Use as addressbook: ldap.pca.dfn.de:389, Base-DN: O=DFN-Verein,C=DE
  - Thunderbird: Bearbeiten | Einstellungen | Verfassen | Adressieren | LDAP-Verzeichnisserver | Bearbeiten | Hinzufügen ...

X.500 DNs in WWUCA certificates

Several restrictions by CP+CPS:
- only servers and e-mail addresses belonging to WWU, UKM, or KA
- emailAddress=. . . (at most one may be given, but see below)
  CN=. . . (exactly one must be given; only name parts from identity card, no "Prof." or alike)
  OU=. . . (at most one may be given)
  O=Universitaet Muenster (or) O=Universitaetsklinikum Muenster (or) O=Kunstakademie Muenster (must be given)
  L=Muenster (and) ST=Nordrhein-Westfalen (optional for users; must be given for servers)
  C=DE (must be given)
- Limited character set for CN/OU/O/L/ST/C: a-z A-Z 0-9 '()+,-./:=? space; limited field length (64)
  Convert german letters: ä ö ü ß Ä Ö Ü ⇒ ae oe ue ss Ae Oe Ue,
  Remove accents: Ibáñez ⇒ Ibanez, Łódź ⇒ Lodz; and transcribe (phonetically): Δήμητρα ⇒ Dimitra
- Order matters and no other fields allowed
- E-mail addresses, login names etc. can be given als Subject Alternative Name, but must be verified

Presenting a certificate

You present your certificate (and all intermediate certificates):
- As a user: when sending a signed e-mail (as part of the signature)
  - The recipient will check the certificate
- As a server: when accepting an HTTPS (IMAPS, POP3S, ...) connection
  - The client will check the certificate
- As a client: when connecting to an HTTPS (IMAPS, POP3S, ...) server
  - Only if requested by the server (better security than password authentification)
  - The server will check the certificate
  - Try: https://xsso.uni-muenster.de/MeinZIV/

Checking a certificate

For checking certificates you need the corresponding root certificate
Many root certificates are pre-installed in your software, but can be edited
Checking certificates = (automatically)
- comparing identity in certificate with e-mail partner resp. hostname
  - Hosts and domains are case-insensitive but local parts of e-mail addresses are case-sensitive:
    perske@wwu.de = perske@WWU.DE ≠ Perske@WWU.DE
  - Always use lowercase only, both in certificates and in your e-mail configuration
- checking all ( signature + purpose + life time + more ) of each certificate involved
- checking trust in root certificate
- checking whether the certificates make up a complete certificate chain
Demo: Firefox: https://www.uni-muenster.de/ | padlock symbol | Show certificates | Details

Demo (Firefox/Thunderbird) (shows your homework)

Import own certificate
Export own certificate incl. private key into a PKCS#12 file (.p12 or .pfx)
Import PKCS#12 file into Thunderbird
Activate own private key as signing key in Thunderbird
Send a signed e-mail
Receive a signed e-mail, check signature
Send/receive an encrypted e-mail