Return to search

Remote CRL managementfor offline Certificate Authority / Fjärr CRL hantering för offline CA

Abstract—This paper will detail the process and methods to the problem with having an Offline Certificate Authority that can still be accessed remotely. Specifically, to update CRL on the server when the need arises without bringing the entire CA online. This has been managed via local access in the past but to ease the use a need for remote management has arisen. This paper will explain how this problem was solved with the use of a Data diode to prevent the CA to be fully online. A Data Diode will only allow traffic in one direction keeping any data from leaking from the CA while still making it available for specific uploads, in this case CRL files that handle the revocation of certificates issued by the CA. This will allow for more up to date lists when the server is brought online for the issuance of certificates once per year. This paper will try to detail the steps that need to be taken in order to set up an edge server that allows the transmission of files with the use of UDP.  Keywords—CRL Content Revocation List, CA Certificate Authority, Data Diode, Offline Server, UDP user Datagram Protocol.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:ltu-101155
Date January 2023
CreatorsÅman, Emil
PublisherLuleå tekniska universitet, Institutionen för system- och rymdteknik
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0022 seconds