Design and implementation of a private certificate authority: a case study of Telkom Kenya limited

Abstract

Public Key Infrastructure (PKI) provides confidentiality and integrity to an enterprise and its customers. Applications accessed through corporate network needs to be protected when in transit and hence the need for a Certificate Authority (CA). Most enterprises currently purchase digital certificates from other Certificate Authorities, for instance Comodo, Symantec, Digicert, Thwate, GoDadddy, etc. Others purchase through third parties for instance Cloud Productivity Solutions in Kenya who then get their digital certificates from GeoTrust. These certificates are used to guarantee secure communication when accessing services on servers within an organization. The main challenge of buying of the certificates is the high purchase cost of single or Subject Alternative Name (SAN) certificates. By having their own Certificate Authority, digital certificates would cost less and give an enterprise the means to control large numbers of Digital Certificates for SSL, authentication, document signing, S/MIME (Secure/Multipurpose Internet Mail Extensions) and other usages of digital signatures. This implies that costs would be reduced by generation of enterprise-owned digital certificates instead of purchasing them. By understanding the current infrastructure in place, a CA was created for generation distribution and revocation of SSL certificates. This would replace purchasing of certificates signed by other public Certificate Authorities. This dissertation sought to design, develop and implement a comprehensive CA as per the X.509 standard for the purpose of generation of certificates for internal use for corporates and selling of the same to generate revenue so as to cut on costs incurred on purchase of digital certificates. Also a proof of concept of a private CA was used to validate the certificate authority with security of the Certificate Authority being considered.