The OpenCA Book

A guide to OpenCA, the Open Certification Authority

Simos Xenitellis

OpenCA Team

This document contains information about the OpenCA project (http://www.openca.org), an open-source project to create a Certification Authority.


Table of Contents
1. Introduction
  Cryptographic Algorithms
  Message Digests
  Digital Signatures
  Certificates
  Certification Authority
2. Description of a Certification Authority
  Creation of the key-pair and the CSR
  Signing of the CSR by the Certification Authority
  Discussion on levels of Certificates
  Certification Authority chains
  Hybrid communication
3. Implementation details
  Prerequisites
  Useful open-source software
  Initialisation of the Certification Authority
    Generate the RSA key-pair for the CA
    Create a self-signed CA Certificate
  User/Server key generation and signing
    Generate the RSA key-pair for a user/server
    Generate a Certificate Signing Request (CSR)
    Ask the CA to sign the Certificate Signing Request
4. The structure of OpenCA
  OpenCA Layout
  OpenCA Terminology
  Functionality of the CA Server (CAServer)
    Initialisation / CA Management
    Requests
    Certificates
    CRL
  Functionality of the RA Server (RAServer)
    Requests
    Certificates
    CRL
    Misc Utilities
  Functionality of the RA Operators (RAOperators)
    Get CA Certificate
    Certificate Revocation Lists
    Request a Certificate
    Get Requested Certificate
    Issued Certificates List
5. Basic open-source software used in OpenCA
  Software packages
6. OpenCA Installation details
  Software installation sequence
  Installation of Perl modules
  Installation of OpenCA-specific modules
  Installation of OpenCA
  WWW Server installation
  LDAP installation
7. How to get support
8. Status of the OpenCA Project
9. Future work
10. Contributions
11. About this document
12. Trademarks
A. Perl modules
  Locating Perl modules
  Installing Perl modules
B. Sample Certificate Documents
  Sample Encrypted Private Key in PEM format (2048 bits)
  Sample Private Key in PEM format (2048 bits)
  Sample Private Key in TXT format (2048 bits)
  Sample CA Certificate in PEM format
  Sample CA Certificate in TXT format
  Sample Certificate Signing Request in PEM format
  Sample Certificate Signing Request in TXT format
C. OpenCA Configuration Notes
  openssl.cnf configuration for OpenCA
Glossary
Bibliography