MUPCACP
. 1.0
, 2010.
5.
( 26/2008)
( 135/2004)
1.
(-ID)
(MUP CA)
.
, MUP CA
.
MUP CA
:
17.
( - ).
1.1
MUP CA ,
, :
- ,
-
/,
-
.
-ID ,
(SSCD).
-
(-ID ),
-
-
.
MUP CA
(eID ) PIN (password),
.
MUP CA ( :
) .
MUP CA :
1. - CP (Certificate Policy), ;
2. - CPS (Certificate
Practices Statement);
.
,
.
,
.
,
.
,
.
,
, ,
.
MUP CA :
- RFC 3647 Internet X.509 Public Key Infrastructure. Certificate Policy and
Certification Practices Framework
- ETSI TS 101 456 Policy Requirements for Certification Authorities Issuing Qualified
Certificates.
MUP CA
( : )
.
.
-
;
-
;
- ;
-
;
- (, ,
, ,
).
1.2
( CP Certificate
Policy) MUP CA
(-ID)
.
MUP CA
/ .
MUP CA :
MUP CA
101
11000
(Dname issuer):
C=RS
L= Beograd
O=MUP Republike Srbije
CN=MUPCA Root
1.3 MUP CA
PKI
MUP CA.
1.3.1 MUP CA
. MUP CA je
(CA). MUP CA
. , a (CP),
MUP CA CPS (Certificate Practice Statement),
MUP CA
.
,
(CRL Certificate Revocation List). MUP CA
.
MUP CA PKI
. :
- MUPCA Root,
- MUPCA Gradjani
- MUPCA Sluzbenici
- MUPCA Resursi
MUP CA
(-ID).
1.3.2 MUP CA
(RA Registration Authority) MUP CA.
, .
1.3.3
MUP CA.
.
1.3.4
, () /
(),
MUP CA ,
MUP CA.
.
,
CRL MUP CA
.
1.3.5
CP.
1.4 MUP CA
MUP CA.
1.4.1
MUP CA
.
- ,
- ,
- ,
- w (SSL ) online
,
- ,
- ,
- , .
1.4.2
CP.
1.5 MUP CA
CP.
1.5.1
MUP CA CP
,
.
1.5.2
K MUP CA CP :
email: dragoslav.stanizan@mup.gov.rs
1.5.3 CP
CP.
1.5.4 CP
CP.
1.6
:
, ,
( PIN
password).
C C ( )
C ( Rt C).
/
.
() ,
(),
.
(issuing C)
, C
( ) .
X.509
. URL CPS
.
(R)
/ ,
, (. R
( )
C). LR (Local Registration Authority) .
/
. ,
.
.
, ,
.
(SSCD
Secure Signature Creation Device)
.
.
,
,
;
( ) ,
.
,
, .
( ) ,
.
.
-
.
/ .
-
()
.
, backup- .
, .
, .
, ,
() (C) ,
.
Rt C subordinate/intermediate ,
C .
, , .
C.
.
(key pair) ,
, RSA .
(
X.509v3 )
,
,
.
,
,
().
() ,
,
.
,
.
.
.
:
, .
. ,
.
Hash
hash
(160, 224, 256, 374, 512 ( )).
(Object identifier)
.
/
C,
C (
, .).
CRL .
, .
, : , ,
, .
C
.
CA Certification Authority
RA Registration Authority
ID Identification Document
RFC Request For Comments
CP Certificate Policy
2.
,
, MUP CA.
2.1
MUP CA
online LDAP wb . MUP CA
.
MUP CA online
, CPS CP.
MUP CA
.
2.2
MUP CA
, :
MUP CA
.
, MUP CA
, ,
,
.
2.3
MUP CA
(CRL ), CPS .
2.4
MUP CA
:
- CA MUP CA
- CRL MUP CA
MUP CA
MUP CA , MUP CA
.
3.
MUP CA
/ / MUP CA
, .
MUP CA
.
3.1
, MUP CA
, X.500 distinguished .
MUP CA ,
. MUP CA
.
MUP CA .
MUP CA
Dname .
MUP CA ( ).
MUP CA trademark ,
,
.
3.2
MUP CA
.
3.3
CP.
3.4
,
RA
online a ( ,
PIN , , .).
, RA w
MUP CA. , RA MUP CA
.
/
/
( CPS) R
CA .
4.
4.1
/
.
R
.
4.2
/
.
R.
(
) (15 ).
MUP CA
.
4.3
, MUP CA
:
-
/
.
-
R,
CPS .
4.4
MUP CA
:
- onlin
,
-
,
- (15)
MUP CA, .
.
4.5
, :
-
MUP CA
(Key Usage
Enhanced Key Usage ).
-
MUP CA
.
CP CPS MUP CA.
4.6
CP.
4.7 ,
:
-
MUP CA R;
-
;
- ,
.
, MUP CA
.
R.
R.
. ,
,
.
MUP CA
CRL .
, ,
.
- ,
MUP CA R .
-
.
- ,
.
R.
.
R , MUP CA
:
- , , , ,
.
-
CP CPS .
- CP
,
,
.
-
.
,
R MUP CA .
online .
MUP CA
( RA )
CP, CPS .
R
. , MUP CA
.
online MUP CA
.
MUP CA ,
CP CPS .
MUP CA CRL .
,
.
4.8
CP.
4.9
MUP CA CRL .
online MUP CA
.
4.10
MUP CA,
.
- MUP CA
- MUP CA .
4.11
MUP CA
.
, ,
- .
(
) .
(-ID ).
5. ,
, MUP CA
, ,
, , audit- .
-
MUP CA
C CRL
C.
5.1
MUP CA
:
- MUP CA
.
.
-
,
. , MUP CA
,
,
, .
- .
- MUP CA .
- .
- . Backup
.
- .
5.2
MUP CA
,
PKI .
MUP CA
,
.
MUP CA
,
, .
/ MUP CA , , :
- ,
- ,
-
-
MUP CA
.
,
MUP CA
. , MUP CA,
. , /
.
, /
, .
5.3
5.3.1
MUP CA ,
,
. :
- ,
- ,
- .
5.3.2
MUP CA
,
.
5.3.3
MUP CA
C R.
5.3.4
, .
5.3.5
CP.
5.3.6
MUP CA
, ,
,
.
5.3.7
MUP CA.
5.3.8
MUP CA
, .
5.4 /
audit
.
, MUP CA :
- MUP CA
, ,
.
- MUP CA audit .
, MUP CA .
- Audit
.
- MUP CA backup- audit .
audit audit
.
5.5
MUP CA R .
MUP CA :
- MUP CA
,
,
.
- MUP CA MUP CA
MUP CA CPS , .
- :
-
.
- ,
.
- .
-
,
.
- backup- .
- .
-
.
-
, MUP CA R
. MUP
CA . MUP CA
R
. ,
MUP CA . MUP CA
.
5.6
MUP CA , CPS ,
CP.
,
C ,
C.
5.7
, MUP CA
,
MUP CA.
MUP CA
, , /
.
MUP CA ,
.
, MUP CA .
5.8 C R
, MUP CA:
-
, .
C.
- (.
) ,
.
-
.
- CP.
- ,
C
MUP CA
CP .
6.
MUP CA
(
PIN-, , .).
,
MUP CA ,
, , ,
, .
, .
, , .
6.1
MUP CA ,
.
MUP CA
CP. MUP CA ,
.
MUP CA Root
. MUP CA
. MUP CA
.
Root , MUP CA
SHA-1/RSA hash 4096
, 10 (
) 20 .
Intermediate CA
, MUP CA SHA-1/RSA hash
2048 , 5
( )
10 .
MUP CA
, hash
.
6.2
MUP CA
C.
(HSM - Hardware Security Modules).
MUP CA
FIPS 140-2 L3. ,
.
MUP CA ,
,
.
MUP CA.
C
.
C C
.
HSM MUP CA
. MUP CA
.
HSM ,
MUP CA ,
,
CPS .
MUP CA .
MUP CA .
MUP CA
FIPS 140-2 L3.
MUP CA
, , .
.
MUP CA backup- CPS
.
MUP CA
.
MUP CA k n
.
( n ) MUP CA
.
.
,
.
,
( )
MUP CA. MUP CA
.
MUP CA
/
/ .
MUP CA
.
MUP CA ,
/.
6.3
MUP CA .
MUP CA
.
( 5 ).
6.4
MUP CA
MUP CA, PKI
(R, ).
6.5
MUP CA
PKI .
6.6
MUP CA .
6.7
MUP CA .
6.8
CP.
7. CRL
CRL MUP CA .
7.1
MUP CA MUP CA PKI :
- MUPCA Root
- MUPCA Gradjani
- MUPCA Sluzbenici
- MUPCA Resursi
MUP CA :
MUP CA
.
7.1.1
MUP CA :
7.1.4
MUP CA CPS
.
/ MUP CA
.
key usage: Email Protection (1.3.6.1.5.5.7.3.4)
QC statement extension: QC (Qualified Certificate) extension OID (1.3.6.1.5.5.7.1.3) with the standard values from the ETSI ESI TS 101 862 Qualified Certificate Profile document, including the statement that the certificate is stored on an SSCD device
Policy OID: 1.3.6.1.4.1.33589.3.1.1.1
CPS URL: http://ca.mup.gov.rs
7.2 CRL
IETF PKIX RFC 2459, MUP CA CRL
:
- CRL ,
- CRL CRL .
7.3 CSP
CP.
8.
MUP CA / ,
CP. MUP CA
,
1999/93/C .
, MUP CA
, .
MUP CA CP,
CPS . MUP
CA .
9.
9.1
MUP CA MUP CA
.
MUP CA
.
9.2
CP.
9.3
CP.
9.4
MUP CA
CPS ,
.
MUP CA , ,
:
- ,
- .
MUP CA
.
,
.
MUP CA
MUP CA w / CP
CPS .
9.5
MUP CA
, w , ,
MUP CA, CP.
9.6
CP.
9.7
CP.
9.8
MUP CA
.
( ) MUP CA :
- .
- .
- CP.
-
.
-
, .
9.9
CP.
9.10
CP.
9.11
CP.
9.12
CP.
9.13
MUP CA
CP. (10)
CP, .
3 , ,
. , ,
.
,
CP,
.
9.14
CP
. MUP CA /
MUP CA
.
9.15
CP.
9.16
CP.
9.17
CP.
10.
- , . , . 135/2004
- , .
, . 48/2005
- RFC 3647 Request For Comments 3647, Internet X.509 Public Key Infrastructure,
Certificate Policy and Certification Practices Framework
- RFC 5280 Request For Comments 5280, Internet X.509 Public Key
Infrastructure / Certificate and CRL Profile
- MUP CA