ca. 30 min.
Rainer Perske
Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Zertifizierungsstelle
Röntgenstraße 7-13
48149 Münster
ca@uni-muenster.de
+49 251 83 31590 (fon)
+49 251 83 31555 (fax)
Public Key: Algorithm RSA, Exponent 65537; Modulus e3 d2 10 ... 50 4a 85
Subject (certificate owner): CN=Rainer Perske, O=Universitaet Muenster, C=DE
Issuer (certification authority): CN=Zertifizierungsstelle, O=Universitaet Muenster, C=DE
Serial number: 13:95:13:C7:CD:EA:2E; version: 3 (has extensions)
Valid from 2012-03-30 11:17:11 UTC to 2015-03-30 11:17:11 UTC
Extension: Usage: signing, key encryption (for mail, TLS, Smartcard-Login), but not as CA
Extension: Alternative names: E-Mail perske@uni-muenster.de, Login: perske (uni-muenster.de)
Signature for all data above, created with the private key of the certification authority:
Algorithm: PKCS #1 SHA-1 with RSA, value: 81 5c 3e ... a8 eb 40
The certificate does not contain the owner's private key!
The certificate of Rainer Perske is signed by the Zertifizierungsstelle der Universität Münster (WWU Certification Authority, WWUCA)
The WWUCA is an intermediate CA because ...
The certificate of the WWUCA is signed by the DFN Public Key Infrastructure (DFN-PKI) “Global” CA
(DFN = Deutsches Forschungsnetz = German Research Network)
The DFN-PKI “Global” CA is an intermediate CA because ...
The certificate of the DFN-PKI “Global” CA is signed by the “Deutsche Telekom Root CA 2”
The “Deutsche Telekom Root CA 2” is a root CA because ...
The certificate of the “Deutsche Telekom Root CA 2” is signed by itself.
Rainer Perske ⇐ WWUCA ⇐ DFN-PKI “Global” CA ⇐ Deutsche Telekom Root CA 2
The “Deutsche Telekom Root CA 2” certificate is part of nearly all browsers and e-mail programs
Thus nearly all e-mail programs can check our e-mail signatures automatically
and all browsers accept our server certificates automatically
Recipients of our e-mails or users connecting to our servers do not receive boring warnings
Demo: Firefox: Edit the CA certificate of “Deutsche Telekom Root CA 2”
4 staff members (at ZIV) + 5 further team members (spread over WWU and UKM)
I spend about 10 % of my time on the WWUCA, all others far less.
X.509 certificates issued by the WWUCA (all in the DFN-PKI “Global” hierarchy):
valid certificates: 920: 450 server, 450 persons, 10 group, 10 team member
issued certificates per year: 100 for servers, 160 for persons, 40 revocations
Other DFN-PKI hierarchies:
DFN-PKI “Basic” (relaxed identity check; not in browsers): no demand
DFN-PKI “Grid” (for scientific grid computing): registration only, one certificate per year
DFN-PKI “SLCS” (Short-Lived Credential Service): no demand
OpenPGP discontinued: Less than 15 certificates per year
Service of the German Research Network provided by DFN CERT GmbH in Hamburg
6 full time team members operate and develop DFN-PKI
5 X.509 hierarchies with different policies (“Classic”, “Global”, “Basic”, “Grid”, “SLCS”)
300+ outsourced subordinate CAs of DFN e.V. members (incl. WWUCA)
OpenPGP discontinued due to lack of demand
No additional costs: DFN PKI service is part of the DFN Internet service
WWU + UKM + KA + FH + MPI together pay 250.000 €/a for 2×2 GBit/s cluster connectivity
Generate a key pair
Upload public key + personal data, signed with the private key, to the WWUCA
Print the application form containing the fingerprint of the public key and further data
All above in one step: http://ca.wwu.de ⇒ Nutzerzertifikat
Sign the form and thus declare that the public key is really yours
Hand the form over to a WWUCA team member, presenting a proof of identity
(identity card or passport, no driving license, no student card)
The WWUCA never sees your private key (it is not a »trust center«)
Besides all the usual measures to protect your computer and password:
Use a dedicated browser instance / virtual machine for sensitive applications
Always protect your private key by encrypting it with a password or PIN
(Firefox: Set a master password before key generation, always encrypt PKCS#12 backup files with a password!)
Always encrypt the medium containing your private key, too.
For authentication purposes, better use a hardware device (smartcard, eToken, nPA) with a PIN.
(But think twice for e-mail purposes: you can no longer read old e-mails if you lose your private key)
Always keep in mind: Your private key is only needed when signing and when decrypting, never otherwise.
Get paranoid. Even more paranoid. “Social Engineering” is the most successful way of attacking.
The WWUCA team member:
strictly obeys Certificate Policy (CP) and Certification Practice Statement (CPS)
(Rules for security, target audience, privacy, methods, archiving, contents, life times, revocations etc.)
CP: https://www.pki.dfn.de/fileadmin/PKI/DFN-PKI_CP.pdf
CPS: https://www.pki.dfn.de/fileadmin/PKI/DFN-PKI_CPS.pdf
checks all aspects of your request (perhaps applies corrections or rejects)
adds some data (Subject Alternative Names): e-mail addresses, login name, ...
compares the fingerprint on the form with that of the public key
(thus the WWUCA knows the public key with the given fingerprint is yours)
(electronically) signs a confirmation message to the certification server
(manually) signs and archives your request form
The DFN PKI certification server in Hamburg automatically:
checks the signature of the message and the accreditation of the signer
checks conformance of the request (only our domains? etc.)
creates the certificate
mails the certificate to the requester
publishes the certificate via LDAP (if requested)
Use as addressbook: ldap.pca.dfn.de:389, Base-DN: O=DFN-Verein,C=DE
Thunderbird: Bearbeiten | Einstellungen | Verfassen | Adressieren | LDAP-Verzeichnisserver | Bearbeiten | Hinzufügen ...
Several restrictions by CP+CPS (most of them technically enforced by DFN PKI):
only servers and e-mail addresses belonging to WWU, UKM, or KA
emailAddress=... (at most one may be given, but see below)
CN=... (exactly one must be given; only name parts from identity card, no “Prof.” or the like)
OU=... (at most one may be given, avoid abbreviations)
O=Universitaet Muenster (or) O=Universitaetsklinikum Muenster (or) O=Kunstakademie Muenster (must be given)
L=Muenster (and) ST=Nordrhein-Westfalen (optional for users; must be given for servers)
C=DE (must be given)
Limited character set for CN/OU/O/L/ST/C: a-z A-Z 0-9 '()+,-./:=? space; limited field length (64)
Convert German letters: ä ö ü ß Ä Ö Ü ⇒ ae oe ue ss Ae Oe Ue
Remove accents: Ibáñez ⇒ Ibanez, Łódź ⇒ Lodz
Phonetically transcribe other scripts: Δήμητρα ⇒ Dimitra, Ærøskøbing ⇒ Aeroeskoebing
Order matters and no other fields allowed
E-mail addresses, login names etc. can be given as Subject Alternative Names, but must be verified
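Added example (not part of the original slides and not WWUCA or DFN-PKI code): one way to apply the character-set rules above to a name before it goes into CN, OU, O, L or ST. The function name and the mapping tables are assumptions made for this illustration; text in other scripts is rejected because a phonetic transcription has to be done by a person.

```python
import unicodedata

# Character set and length limit for CN/OU/O/L/ST/C as given on the slide.
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
              "0123456789'()+,-./:=? ")
MAX_LEN = 64

# German letters exactly as listed on the slide.
GERMAN = {"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss",
          "Ä": "Ae", "Ö": "Oe", "Ü": "Ue"}
# Letters without a Unicode decomposition. Æ, ø and Ł follow the slide's
# examples; the other case variants are assumptions made by analogy.
SPECIAL = {"Æ": "Ae", "æ": "ae", "Ø": "Oe", "ø": "oe", "Ł": "L", "ł": "l"}


def to_subject_value(text):
    """Convert text to the restricted character set or raise ValueError."""
    # Compose first so that "u" + combining diaeresis is seen as "ü" and
    # becomes "ue" instead of losing the umlaut like an ordinary accent.
    text = unicodedata.normalize("NFC", text)
    out = []
    for ch in text:
        if ch in GERMAN:
            out.append(GERMAN[ch])
        elif ch in SPECIAL:
            out.append(SPECIAL[ch])
        else:
            # Decompose and drop combining marks: "á" -> "a", "ź" -> "z".
            out.extend(c for c in unicodedata.normalize("NFD", ch)
                       if not unicodedata.combining(c))
    value = "".join(out)
    leftover = sorted({c for c in value if c not in ALLOWED})
    if leftover:
        # Other scripts need a phonetic transcription done by hand.
        raise ValueError("cannot convert automatically: " + "".join(leftover))
    if not 1 <= len(value) <= MAX_LEN:
        raise ValueError("length must be 1..%d, got %d" % (MAX_LEN, len(value)))
    return value


if __name__ == "__main__":
    for name in ["Universität Münster", "Ibáñez", "Łódź", "Ærøskøbing",
                 "Δήμητρα"]:
        try:
            print(name, "=>", to_subject_value(name))
        except ValueError as err:
            print(name, "=> rejected:", err)
```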
You present your certificate (and all intermediate certificates):
As a person/group: when sending a signed e-mail (attached to the signature)
The recipient will check signature and certificate
As a server: when accepting an HTTPS (IMAPS, POP3S, ...) connection
The client will check the certificate and compare the host name
As a client: when connecting to an HTTPS (IMAPS, POP3S, ...) server
Only if expected by the server (better security than password authentication)
The server will check the certificate
Try: https://xsso.uni-muenster.de/MeinZIV/
For checking certificates you need the corresponding root certificate
Many root certificates are pre-installed in your software, but can be edited
The CA/Browser Forum recommends requirements for CAs whose root certificates are built in
Verifying certificates means (automatically):
comparing the identity in the certificate with the e-mail partner or hostname
Hosts and domains are case-insensitive but local parts of e-mail addresses are case-sensitive:
perske@wwu.de = perske@WWU.DE ≠ Perske@WWU.DE
Always use lowercase only, both in certificates and in your e-mail configuration
checking all (signature + purpose + life time + more) of each certificate involved
checking trust in root certificate
checking whether the certificates make up a complete certificate chain
Demo: Firefox: https://www.uni-muenster.de/ | padlock symbol | Show certificates | Details
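Added example (not part of the original slides): the identity, life time, purpose and chain-completeness checks listed above, run over a simplified model of the chain Rainer Perske ⇐ WWUCA ⇐ DFN-PKI “Global” CA ⇐ Deutsche Telekom Root CA 2. Cryptographic signature checking is left out and replaced by comparing issuer and subject names; the class, the function names, the short subject names and the CA validity dates are assumptions made for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Cert:  # simplified stand-in for a parsed certificate, no signature
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_ca: bool
    emails: tuple = ()

def same_email(a, b):
    """Local part is compared exactly, the domain part case-insensitively."""
    if "@" not in a or "@" not in b:
        return False
    (la, _, da), (lb, _, db) = a.rpartition("@"), b.rpartition("@")
    return la == lb and da.lower() == db.lower()

def check_chain(chain, trusted_roots, now, email):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not any(same_email(email, e) for e in chain[0].emails):
        problems.append("identity mismatch")
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            problems.append("outside life time: " + cert.subject)
        if i > 0 and not cert.is_ca:  # everything above the leaf must be a CA
            problems.append("not a CA: " + cert.subject)
        if i + 1 < len(chain) and cert.issuer != chain[i + 1].subject:
            problems.append("chain broken after: " + cert.subject)
    top = chain[-1]  # must be self-signed and present in the local trust store
    if top.issuer != top.subject or top.subject not in trusted_roots:
        problems.append("no trusted root")
    return problems

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample: short names stand in for full subject names and the
# CA validity dates are made up. Leaf dates and address are from the slides.
ROOT = "Deutsche Telekom Root CA 2"
CHAIN = [
    Cert("Rainer Perske", "WWUCA", utc(2012, 3, 30, 11, 17, 11),
         utc(2015, 3, 30, 11, 17, 11), False, ("perske@uni-muenster.de",)),
    Cert("WWUCA", "DFN-PKI Global CA", utc(2010, 1, 1), utc(2019, 1, 1), True),
    Cert("DFN-PKI Global CA", ROOT, utc(2010, 1, 1), utc(2019, 1, 1), True),
    Cert(ROOT, ROOT, utc(2010, 1, 1), utc(2019, 1, 1), True),
]
```

Calling `check_chain(CHAIN, {ROOT}, utc(2013, 6, 1), "perske@UNI-MUENSTER.DE")` returns an empty list; removing the root from the trusted set, which is what editing the root certificate's trust in the browser does, makes the same chain fail.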
© 2011-2013 Rainer Perske und Universität Münster