- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Building a Secured OS for a Root Certificate Authority
- Abstract
- This paper discusses the procedures necessary for securing an installation of Red Hat Enterprise Server 2.1 in support of a root certificate authority that will eventually function in the Higher Education Bridge Certificate Authority. As a basis of evaluation, the Federal Bridge Certificate Authority requirements will be used to provide guidance for assembling the certificate authority, as published by the Higher Education Public Key Infrastructure Policy Activities Group (1). The computer system described in this paper will be the Root Certificate Authority (CA) - the highest server in the organizations' Public Key Infrastructure (PKI) architecture. Practically, a Root CA is used rarely; it is hardened to the point that it will support only authorized access with strong physical, technical, and administrative controls. The Root CA must support PKI operations such as cross certification with other Root CA's and signing certificates for issuing CA's. This document is intended to be an artifact document for the certificate authority that will be assembled for an actual University and is part of the Security Policy (2) for the Certificate Authority as part of the evaluation process for participating in the HEBCA.