Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Developing a Certification Authority for PKI at Virginia Tech
Saturday, January 1, 2011
Virginia Tech began to explore how to integrate digital certificates into our infrastructure services after the Commonwealth of Virginiaâ€™s Council on Technology Servicesâ€™ Privacy, security, and Access work group initiated discussions on digital signatures and public key infrastructure (PKI) in 1999. Virginia Techâ€™s Information Resource Management department conducted research on PKI and smart card technologies, with pilot projects that evaluated commercial software from Baltimore Technologies, Entrust, VeriSign, Microsoft, and open source solutions using OpenCA. Smart cards and tokens were tested from companies including Gemplus, Schlumberger, Dallas Semiconductor, Axalto, Maganet, and Aladdin. The research and pilot projects resulted in the establishment of the Virginia Tech Certification Authority (VTCA) in 2003.
The initial VTCA used OpenCA software on a combination of IBM and Dell servers running RedHat linux, with a hardware security module (HSM) certified at FIPS 140-2 Level 3. This infrastructure was upgraded in August, 2010, to use the Enterprise Java Beans Certificate Authority (EJBCA), running on Dell servers. EJBCA is an Enterprise class Open Source PKI certificate authority built on JEE technology. The transition to EJBCA and the addition of another production HSM to provide failover capability gave Virginia Tech the ability to scale its PKI to a 24x7 operation to meet the universityâ€™s growing demand for digital certificates.