PKI Project @ Princeton University At A Glance
Date: June 6, 2001
William J. Sproule, sproule@Princeton.EDU
Collaboration Services Group, Princeton University
Software and Hardware
Princeton University is deploying the iPlanet Certificate Management System, http://docs.iplanet.com/docs/manuals/cms.html, currently version 4.2 sp2. CMS is being deployed on three Sun Ultra 250’s; one each for the Registration Manager, Certificate Manager, and Data Recovery Manager. Clients will use Netscape Communicator 4.77 with Personal Security Manager 1.4.
We are currently testing Netscape Communicator with PSM 1.4 with dual-key certificates. This provides separate signing and encryption keys as well as requires the user to create a backup of the certificates when they are generated. We currently do not plan to generate keys directly for IE but have verified users can export and import their pair of keys from Netscape to IE for use within Outlook. Testing has included:
· LDAP authentication to obtain certificate
· Dual key generation using Netscape Comm 4.77 with PSM 1.4.
· Export and Import of keys to IE and Outlook.
· Key recovery requiring 3 of 5 administrators authorization.
· Automatic LDAP publishing of Certificates.
· Certificate Revocation and CRL LDAP publishing.
· CPS being reviewed by Princeton legal.
· Internal testing of Signed/Encrypted Email
· Internal testing of Authentication
· Health Services – Secure email between students and Health Services
· Office of the Dean of the Faculty – Secure and signed email between DoF and Visa office.
· Library-Treasurer – Secure and signed email.
· JSTOR - Authentication.
· Boise Cascade – Authentication.
· Certificate issued to Desktop Systems Council program participants.
· Sign new CA by CREN – Status: Waiting for new VP of computing to start.
· OCSP testing with CMS 4.2sp2
· Add CPS pointer in cert
· Create subordinate CA to issue short-lived user, anonymous, and pseudo-anonymous certificates for authentication and for vendor required payloads.