OfficeLine PKI Connector is an auxiliary module of the OfficeLine system, which ensures the connection of an OfficeLine server to an external certification authority or to a Public Key Infrastructure. The module is especially suited to cooperate with the OfficeLine Corporate Banking and OfficeLine WWW modules.
Integration with Other Modules
OfficeLine PKI Connector allows replacing the internal OfficeLine key management with an external certification authority and using it within the OfficeLine Corporate Banking and OfficeLine WWW modules.

Principle of OfficeLine PKI Connector Module Operation

The basic infrastructure of OfficeLine 3.0 includes internal mechanisms for the management of RSA keys. OfficeLine distinguishes between "system" keys, which are used for the authentication of communicating parties, and public keys used to digitally sign messages. OfficeLine PKI Connector allows replacing those internal mechanisms with a module used for the integration with a PKI system (such as Baltimore UniCERT or Entrust Authority). The switch can be made on an existing installation, with no need to re-install all the clients at the same time.
Public system RSA keys are replaced with system certificates issued by a CA, and personal certificates issued by the CA are used instead of public personal RSA keys. If a client that uses OfficeLine Mail communicates over the Internet, it is also possible to ensure on-line confirmation of the certificates within the OfficeLine 3.0 Klient environment by the certification authority of the server owner. However, this function is not required for the standard operation of OfficeLine with PKI.
The following table shows the responsibility for generating RSA keys and certificates:
| Type of certificate | Issued by |
|---|---|
| Server system certificate | The private and public RSA keys are generated by an operator within the OfficeLine 3.0 Server environment, or in other third-party software—for instance in a corresponding module of the used PKI system. The certificate is issued by a CA based on the public key. |
| Client's system certificate | The private and public RSA keys are generated by an operator within the OfficeLine 3.0 Klient environment, or in other third-party software. The certificate is issued by a CA based on the public key. |
| Client's personal certificate | |
It is advisable to change the certificates and corresponding private keys regularly—typically once a year.
The OfficeLine 3.0 Server and OfficeLine 3.0 Klient programs automatically ensure the exchange of certificates between them. Certificates are verified using a parent certificate of the CA issuing the certificates. It is possible to use an internal CA of the server owner or a public certification authority (such as VeriSign or Thawte).