Hi:

We are planning to upgrade our version of OpenCA. We run the setup of an off-line CA and an on-line RA. We were just about to connect the off-line machine to the network to make the upgrade easier, but before doing so we decided to "sweep" the machine for copies of the CA private key. (Of course, we deleted the main copy of the CA key.) And to our surprise, we found many copies of the CA private key in the OpenCA tmp directory, /usr/local/openca/var/openca/tmp.

I have several questions and concerns. So, is this normal, or have we mis-configured the off-line machine? If it's a feature, is it safe to delete the keys in tmp, or are they needed? If they are needed for some future purpose, do we need to restore them once we put the machine off-line again? This would appear to be a security problem if people don't know there are copies of the private key floating around. Lastly, we are planning to install an eToken USB key; I am assuming this would "fix" this problem, since the key would no longer be available.

Roger

Dr. Roger W Impey
Research Officer, HPC Systems and Applications, Research Computing Support (Ottawa)
NRC Information Management Services Branch
100 Sussex Drive
Sussex Room 2025
Ottawa, ON K1A 0R6
Phone (613) 991-6974
Fax (613) 993-3127
roger.im...@nrc-cnrc.gc.ca
Preferred Language: English
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
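
A sweep like the one described in the message above can be scripted. This is an added example, not part of the original post and not OpenCA code. It assumes the stray copies are PEM-encoded files; the function names and the sample tree and key material in `demo()` are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# PEM armor for the private-key types OpenSSL writes (PKCS#8, encrypted PKCS#8, RSA, EC, DSA).
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:ENCRYPTED |RSA |EC |DSA )?PRIVATE KEY)-----"
    rb"(.*?)-----END \1-----",
    re.DOTALL,
)

def sweep(root, max_bytes=1 << 20):
    """Return {sha256-of-key-body: [paths]} for every PEM private-key block under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            for m in PEM_KEY.finditer(data):
                # Hash the body with whitespace removed so re-wrapped copies still group together.
                digest = hashlib.sha256(b"".join(m.group(2).split())).hexdigest()
                paths = hits.setdefault(digest, [])
                if path not in paths:
                    paths.append(path)
    return hits

def demo():
    """Constructed sample tree: one fake key plus two copies in a tmp-like directory."""
    fake = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    cert = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tmp"))
        for rel, blob in (("cakey.pem", fake), ("tmp/a1b2", fake),
                          ("tmp/c3d4", fake), ("tmp/cert.pem", cert)):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(blob)
        found = sweep(root)
        return {d: sorted(os.path.relpath(p, root) for p in ps) for d, ps in found.items()}

if __name__ == "__main__":
    for digest, paths in demo().items():
        print(digest[:16], paths)
```

Copies of the same key that were encrypted separately get different salts and therefore different digests, so every group the sweep reports needs review, not only the largest one.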