Part I (40 marks)
Web servers often provide their users with secure access to the hosted web applications in order to gain more trust and to protect transactions from potential attacks. Web servers use digital certificates for this purpose.
In this part, you will select any secure website (one that uses the HTTPS protocol) and download the web server's certificate for further analysis. You shall follow the steps below:
1- Select a secure website of your choice (you should provide the URL of the website in your report) (2 marks)
2- Download the digital certificate of the server hosting the website using your browser (3 marks)
3- List the following about the certificate:
a. Certificate version (1 mark)
b. Certificate holder (subject) information (2 marks)
c. Certificate issuer information (2 marks)
d. Validity dates (not before / not after) (2 marks)
e. Certificate usage: for what purposes the public key included in the certificate can be used (4 marks)
4- As you can notice, the certificate includes a number of extensions.
a. Identify five extensions in the certificate (5 marks)
b. Explain each extension and how it can be used (10 marks)
5- The web browser needs to make sure that a certificate is valid before using it. Explain three aspects that indicate whether a certificate is valid or not (9 marks)
The deliverables of this part (Part I) are:
1- A report that explains how you generate each certificate
o You should take screenshots of each step that clearly show the inputs.
o The screenshots should be clear, but at the same time you should not use a very high resolution, in order to keep the size of the TMA file reasonable.
o You should explain the choices you have made in each step, in particular regarding the choice of extensions for each certificate.
2- The certificate of the secure server you have selected. The question will not be validated if the file is not uploaded along with the TMA.
Part II (60 marks)
In this part, you will generate the certificate hierarchy illustrated in Figure 2. A quick internet search easily shows the availability of several tools for creating and managing CAs (sometimes referred to as public key infrastructure (PKI) management tools). In this TMA, you will be using a simple CA tool named xCA [1].
In order to construct the CA hierarchy, the following steps need to be followed:
1- Generation of a self-signed certificate for the root CA (HQ CA)
2- Generation of a certificate for the CA of the AOU branch. This certificate is signed by the root CA.
3- Generation of a certificate for the ITC department CA at the AOU branch. This certificate is signed by the CA of the AOU branch.
4- Generation of a certificate for yourself, to be used by the SSL client in your browser for financial transactions. This certificate is signed by the ITC department CA at your AOU branch.
The generation of a certificate consists of the following steps:
1- Generation of a key pair (public/private)
2- Generation of a certificate signing request (CSR) that includes all the necessary information about the certificate subject (the entity requesting the certificate), in addition to further information, in particular the requested certificate extensions.
3- Signature of the certificate by the certification authority (or self-signature in the case of the root CA)
While doing the above-mentioned steps, the following shall be taken into account:
1. The public key algorithm is RSA.
2. The key sizes should be at least 4096 bits for the root CA, 2048 bits for the intermediate CAs and 1024 bits for users.
3. The information in each certificate shall be clear and meaningful; for instance, use appropriate common names for the certificate subject information (e.g., CA-HQ as the common name for the root CA).
4. The extensions for each certificate shall be carefully selected for the certificate usage; certificate extensions might differ between root certification authority, intermediate certification authorities and user certificates.
5. All the certificates shall be exported and saved in DER format with file extension (.crt)
6. The naming of the certificates shall be done as follows:
a. Root CA certificate: CA-AOU-ROOT-(StudentName)-(StudentID), where (StudentName) and (StudentID) need to be replaced by your name and your ID
b. AOU branch CA: CA-AOU-(BranchName)-(StudentName)-(StudentID) where (BranchName) should be replaced by the short name of the country of the AOU branch in which you are enrolled (KSA, LB, OM, KW, BH, EG, JO)
c. AOU ITC department CA: CA-AOU-(BranchName)-ITC-(StudentName)-(StudentID)
d. Your certificate: (StudentName)-(StudentID)
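As an added example (not part of the TMA and not xCA's own code), the Go program below builds the same four-level hierarchy with the standard crypto/x509 package, applying the key sizes and the CA/user extensions required in Part II, and then runs the checks a browser performs before trusting a certificate (Part I, step 5): the signature chain back to the trusted root, the validity period, and the BasicConstraints and key-usage extensions at every level. The branch code KSA, the common names and the placeholder StudentName-StudentID are assumed values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert generates an RSA key of the given size and a certificate for it signed by parent (self-signed when
// parent is nil). CA certs get BasicConstraints CA:TRUE and KeyUsage keyCertSign|cRLSign; the user cert gets
// digitalSignature and ExtKeyUsage clientAuth, i.e. the extensions of an SSL client certificate.
func mkCert(cn string, bits int, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed serial, unique enough for a demo
		Subject:               pkix.Name{Organization: []string{"AOU"}, CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour), // validity period: one of the checks Verify makes
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA { // issuer extensions replace the end-entity ones
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil
	}
	if parent == nil { // root CA: signed with its own private key
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey) // DER, what a .crt holds
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildHierarchy issues HQ root -> branch CA -> ITC CA -> user with the required key sizes, then verifies the
// user certificate up to the root (signature chain, validity dates, CA and key-usage extensions).
func BuildHierarchy(branch, student string) (certs []*x509.Certificate, err error) {
	var issuer struct{ c *x509.Certificate; k *rsa.PrivateKey } // nil fields: the root signs itself
	for _, l := range []struct{ cn string; bits int; ca bool }{{"CA-HQ", 4096, true},
		{"CA-AOU-" + branch, 2048, true}, {"CA-AOU-" + branch + "-ITC", 2048, true}, {student, 1024, false}} {
		c, k, e := mkCert(l.cn, l.bits, l.ca, issuer.c, issuer.k)
		if e != nil { return nil, e }
		certs, issuer.c, issuer.k = append(certs, c), c, k
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(certs[0]); inters.AddCert(certs[1]); inters.AddCert(certs[2])
	_, err = certs[3].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return certs, err
}
```

Each returned certificate's Raw field is the DER encoding that xCA exports as a .crt file, so the same bytes can be written to disk for inspection in the browser.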
[1] The xCA user's manual can be found at: http://xca.sourceforge.net