Overview of a PKI
Minimal parts of the PKI
- CA
- Entrust Authority Security Manager 7.1 SP3
- Security Manager database
- LDAP compliant Directory
Additionally we use,
- Roaming Server
- SMA (Security Manager Administration) Client
Security Manager Database
Store information about the PKI users and the infrastructure in the database. SM encrypts and protects data using keys derived from the Master User password. The database is used to,
- Store the CA signing key pair. Alternatively for higher security a Hawdware Security Module (HSM) can be used instead.
- Store user status information and DN of each user.
- Optionally, store the encryption key pair hsitory for all Entrust users.
- Store the verification public key history and public keys for users (note private keys never leave the user's profile).
- Store validity periods for user signing key pairs, user encryption key pairs and system cross-certificates.
- Store Security Officer information
- Store Entrust Administrator information
Security Manager Directory
The directory,
- Stores CA certificates
- CRLs
- Optionally, user information
Order and Dependencies
The PKI must be stopped and started in the right order.
- Informix Database
- CA
The is independent of the CA
- Directory
Starting Services
...
Stopping Services
The CA and Informix Database is traditionally run by user Master.
code