What is Certificate Authority?
Certificate Authorities are a critical service in a network.
A Certification or Certificate Authority (CA) creates and issues:
- digital certificates
- public-private key pairs, where keys are generated on the subscriber's behalf (a subscriber can also generate its own key pair and submit only the public key, in a certificate signing request, for certification)
- Certificate Revocation Lists (CRLs).
Digital certificates issued by the CA are digitally signed by the CA, which binds the subject name (i.e. the Subscriber's identity) to the public key: anyone who trusts the CA's signature can check that a given public key belongs to the named subject.
Its role is to guarantee that the entity, individual or device granted the certificate is in fact who or what they claim to be.
Why do we use a CA?
A CA provides services such as:
- Publication of certificates
- Lists of revoked certificates
- Verification of the validity of certificates
- Compliant certificates
- Implementation of certificate profiles
- Maintaining the link between the certificate request and the issued certificate
- Checking of revocation information, so that a certificate remains trusted only while it has not been revoked
The CA is a trusted third party that is responsible for verifying the legitimacy of the identity of an individual or organisation (including physical, in-person checks where its certificate policy requires them) before issuing the digital certificate.
Functions of a CA
CAs are vital to security. They perform the following functions.
Manages Signing of Certificates
The CA verifies each certificate signing request (CSR) against the chosen certificate profile and ensures that the certificate it would produce is compliant with that profile before signing it.
Leviathan CA implements certificate profiles. Profiles are configured via the Jellyfish user interface rather than directly in Leviathan.
The CA administration role is configured within Jellyfish. The Jellyfish user interface allows an administrator to configure and manage certificate profiles, key management, CRL configuration, the allowed algorithms and the workflows for certificate issuance.
Issues the Digital Certificate
Once a request passes the profile checks, the CA signs and issues the certificate, binding the subject name to the subscriber's public key.
Manages the Revocation of Certificates
The Leviathan CA can also revoke certificates. It manages the revocation of certificates, including the revocation status and the reason for revocation.
Generates and Maintains the Certificate Revocation List (CRL)
Revoked certificates are published in the CRL, which relying parties consult to confirm that a certificate has not been revoked and remains trusted.
Management of Stored Data to Authorised Users only
Jellyfish and Leviathan limit the management of stored data to authorised users only.
Public Key Protection
The public key used by the CA is protected against undetected modification by a digital signature, which is verified upon each access to the key.
Private/Secret Keys Protection
The private/secret key used for certificate signing is protected by a Hardware Security Module (HSM).
Sensitive Data Protection
Protects identity, contact and evidence-of-identity information. Restricts the ability to destroy sensitive data and limits the management of stored data to authorised users only.
Audit Records
The Audit Records log all interactions with the CA by user identity, time, date and action. The Audit Role can read all information in the logs. The logs are protected against unauthorised access, modification and deletion, and can be archived for long-term retention.
Backup and Recovery
The CA can be saved and restored to a previous state at the direction of an administrator. Keys are backed up and recoverable to ensure the recoverability of the CA.
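The signing, issuance and revocation functions above, as an added worked example that is not part of this page and is not Leviathan or Jellyfish code: a minimal in-memory CA in Go using only the standard library. Profile, ServerProfile, NewCA, SubscriberRequest, Issue, Revoke, CRL and Validate are illustrative names chosen for the example, and the profile format is an assumption, not Leviathan's. It shows the subscriber generating its own key pair and sending a signed CSR; the CA checking that signature as proof of possession, rejecting a request that violates the profile (here, a missing subjectAltName), and copying only the profile's fixed fields, never the request's extensions, into the certificate; the CA revoking a certificate with an RFC 5280 reason code and signing a CRL; and a relying party chaining the certificate to the trusted root, verifying the CRL's signature before trusting its contents, and only then checking the serial number against it. The signing key lives in memory here; the page's point that a production CA keeps it in an HSM still applies. Requires Go 1.21 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Profile is a hypothetical certificate profile for this illustrative example (not
// Leviathan's format): the fixed fields every certificate of this type receives.
type Profile struct {
	Template x509.Certificate // key usages and extensions; never taken from the CSR
	Validity time.Duration
}
var ServerProfile = Profile{Validity: 90 * 24 * time.Hour, Template: x509.Certificate{
	KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}}

// CA is an in-memory root; a real CA keeps the signing key in an HSM.
type CA struct {
	Cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	serial  int64
	revoked []x509.RevocationListEntry
}

func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, root, root, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	return &CA{Cert: cert, key: key, serial: 1}, err
}

// SubscriberRequest is the subscriber's side: the key pair is generated by the
// requester, never by the CA; only a CSR signed with that key reaches the CA.
func SubscriberRequest(cn string, dns []string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dns}
	return x509.CreateCertificateRequest(rand.Reader, req, key)
}

// Issue checks the CSR signature (proof of possession), enforces the profile, then signs.
func (ca *CA) Issue(csrDER []byte, p Profile) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof-of-possession failed: %w", err)
	}
	if len(csr.DNSNames) == 0 {
		return nil, fmt.Errorf("profile violation: subjectAltName required")
	}
	ca.serial++
	tmpl := p.Template // copy of the profile; only key, subject and SANs come from the request
	tmpl.SerialNumber, tmpl.Subject, tmpl.DNSNames = big.NewInt(ca.serial), csr.Subject, csr.DNSNames
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(p.Validity)
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, ca.Cert, csr.PublicKey, ca.key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// Revoke records serial, time and RFC 5280 reason code (1 = keyCompromise);
// CRL signs the current list with the CA key (x509.RevocationListEntry needs Go 1.21+).
func (ca *CA) Revoke(cert *x509.Certificate, reason int) {
	ca.revoked = append(ca.revoked, x509.RevocationListEntry{
		SerialNumber: cert.SerialNumber, RevocationTime: time.Now(), ReasonCode: reason})
}
func (ca *CA) CRL(number int64) ([]byte, error) {
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(number),
		ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificateEntries: ca.revoked}, ca.Cert, ca.key)
}

// Validate is the relying party: chain to the trusted root, then consult the CRL.
func Validate(cert, root *x509.Certificate, crlDER []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool}); err != nil { return err }
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return err }
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v revoked, reason code %d", cert.SerialNumber, e.ReasonCode)
		}
	}
	return nil
}
```

The order of checks in Validate matters: a CRL is only evidence once its signature chains to the same trusted CA, otherwise an attacker who can feed the relying party a CRL could simply omit the entry for a compromised certificate. Validate also refuses a certificate presented under any root other than the one that issued it, which is the binding of subject name to public key that the page describes.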
Internal Transfer Protection
Session Locking Mechanisms
The session can be configured to lock and end if the user has been inactive for a configured period of time. The user must then re-authenticate to continue, which mitigates the risk of an unattended session being hijacked.
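The inactivity lock described above, as an added example that is not Jellyfish's own code: an in-memory session store in Go that ends any session idle longer than a configured timeout and refuses the next request on it, so the user has to log in again. SessionStore, Login and Touch are illustrative names; the injectable Now clock exists so the timeout can be exercised without sleeping. The store assumes that authentication itself happens elsewhere before Login is called.

```go
package main

import (
	"errors"
	"sync"
	"time"
)

var (
	ErrNoSession     = errors.New("no active session: authenticate first")
	ErrSessionLocked = errors.New("session locked after inactivity: re-authenticate")
)

type session struct {
	user         string
	lastActivity time.Time
}

// SessionStore locks and ends any session that has been idle longer than
// IdleTimeout. Now is an injectable clock (defaults to time.Now) so the
// timeout can be tested without sleeping.
type SessionStore struct {
	mu          sync.Mutex
	IdleTimeout time.Duration
	Now         func() time.Time
	sessions    map[string]*session
}

func NewSessionStore(idle time.Duration) *SessionStore {
	return &SessionStore{IdleTimeout: idle, Now: time.Now, sessions: map[string]*session{}}
}

// Login is called only after the caller has authenticated the user (assumed to
// happen elsewhere). It creates, or after a lock replaces, the session for id.
func (s *SessionStore) Login(id, user string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = &session{user: user, lastActivity: s.Now()}
}

// Touch runs on every request. Activity inside the window slides it forward.
// The first request after the window has elapsed ends the session and is
// refused, so whoever is at an unattended terminal finds nothing to resume;
// only a fresh Login (re-authentication) can continue.
func (s *SessionStore) Touch(id string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok {
		return "", ErrNoSession
	}
	now := s.Now()
	if now.Sub(sess.lastActivity) > s.IdleTimeout {
		delete(s.sessions, id)
		return "", ErrSessionLocked
	}
	sess.lastActivity = now
	return sess.user, nil
}
```

The decision is made on the server side from the stored last-activity time, not from anything the client sends, so a client cannot keep a session alive by claiming to be active, and the expired session is deleted rather than flagged so that no later request can revive it.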