Business Processes

The following processes describe the tasks that administrators of the {project-name} perform via the {project-name} GUI when managing resources.

The {project-name}-UI provides methods for:

  • Management of certificate templates

  • Connection management with Hardware Security Modules (HSMs)

  • Creation and deletion of different HSM Users.

  • Creation and management of CAs and SubCAs.

  • Download of CA certificates.

The necessary identification and authentication against the {project-name} application is outlined in the following process steps:

P-MLCA-ADM-01 – Log in to the {project-name}

To set the administrator (or client) password, create a BCrypt hash of the password and set it in application.properties as the value of minica.admin.password (or minica.client.password).
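A check that both password properties hold BCrypt hashes and not plaintext values, as an added example that is not part of the project's own documentation or code. It assumes the standard modular-crypt BCrypt layout and a minimum cost of 10 as local policy; the sample configuration is constructed.

```python
import re

# Property keys named in the documentation above.
PASSWORD_KEYS = ("minica.admin.password", "minica.client.password")

# Assumed layout: standard modular-crypt BCrypt string, i.e. $2a$/$2b$/$2y$,
# a two-digit cost, then 22 salt + 31 digest characters (bcrypt base64).
BCRYPT_RE = re.compile(r"\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}")
MIN_COST = 10  # assumption: local policy floor, not a value from the docs


def parse_properties(text):
    """Parse simple key=value / key:value lines, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_passwords(text, min_cost=MIN_COST):
    """Return {property key: finding} for the two password properties."""
    props = parse_properties(text)
    findings = {}
    for key in PASSWORD_KEYS:
        m = BCRYPT_RE.fullmatch(props.get(key, ""))
        if key not in props:
            findings[key] = "missing"
        elif m is None:
            findings[key] = "not a BCrypt hash"
        elif not 4 <= int(m.group(1)) <= 31:
            findings[key] = "invalid cost"
        elif int(m.group(1)) < min_cost:
            findings[key] = "cost below minimum"
        else:
            findings[key] = "ok"
    return findings


# Constructed sample: the first value only has the shape of a BCrypt hash
# (it is not the digest of any password); the second is stored in plaintext.
SAMPLE = "\n".join([
    "minica.admin.password=$2a$12$" + "A" * 22 + "b" * 31,
    "minica.client.password=changeme",
])

if __name__ == "__main__":
    for key, finding in audit_passwords(SAMPLE).items():
        print(key, "->", finding)
```
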

After those steps, the login can proceed:

Table 1. Process steps: Log in to the {project-name} UI
Process steps

01

Open the URL of the {project-name} application in the browser (<server-address>:8081/minica), e.g.

192.168.138.3:8081/minica

02

Log in with the corresponding username and password. Click the ‘OK’ button to log in with the entered values.

P-MLCA-ADM-02 – Certificate Templates (Create, Modify, Delete)

Table 2. Profile: Certificate Templates (Create, Modify, Delete)
Profile

Designation

P-MLCA-ADM-02 – Certificate Templates (Create, Modify, Delete)

Purpose

For a flexible and efficient management of certificates, the {project-name} is capable of preparing certificate templates.

Responsibility

{project-name}-ADMIN

Working tool(s)

Browser, {project-name}-UI web application for the {project-name} Admin and Client

Precondition/input

The {project-name} is up and running.

The administrator is logged into the {project-name} UI.

The user has to be on the templates page (see Table 3 step 1).

Postcondition/output

  • A new certificate template was created.

  • A certificate template was modified.

  • A certificate template was deleted.

Remarks

The {project-name} is able to provide certificate templates for both CA and End-Entity certificates.

Table 3. Process steps: Certificate Templates (Create, Modify, Delete)
Process steps

01

Displaying the certificate template object list

  1. Select the “Templates” item to switch to the certificate templates overview.

02

Follow these steps to create a certificate template (see Image 2):

  1. Click on "Create" to generate a new template. This step will direct you to the template creation page;

  2. Enter a name for the template;

  3. Select the type of your template (“CA” or “End-Entity”);

  4. For an End-Entity certificate, proceed with step 5. For a CA certificate, click on the “Algorithm” field and select an algorithm (e.g. RSA), a key length (e.g. 1024) and the signature algorithm (e.g. SHA_512_WITH_RSA).

  5. Additional extensions can be added by clicking the “Add extensions” button. An OID and a value have to be set. A checkbox can be selected to mark the extension as critical. Additionally, a description can be added. To delete the extension, click the respective “Delete” button.

  6. Afterward, the creation of the template can be finished by clicking the “Save” button, or discarded by clicking “Reset”.

The AKI (Authority Key Identifier) and SKI (Subject Key Identifier) extensions are set up by default for all templates and do not need to be configured separately here.

03

To edit a certificate template, follow these steps:

  1. Choose the template you want to modify from the template list and click on the “Edit” button.

  2. Change the respective value and click “Save” to save the changes, or “Reset” to discard them.

04

For the deletion of a certificate template, follow these steps:

  1. Choose the template you want to delete from the template list and click on the “Edit” button.

  2. Click on the “Delete” button to delete the template.

  3. A pop-up window appears. Click “OK” to delete the template or “Cancel” to return to the previous view.

Figure 1 "Create certificate template"

P-MLCA-ADM-03 – HSMs (Create, Modify, Delete)

Table 4. Profile: HSMs (Create, Modify, Delete)
Profile

Designation

P-MLCA-ADM-03 – HSMs (Create, Modify, Delete)

Purpose

To ensure a high level of entropy for key generation and secure storage of the private key material, the {project-name} is capable of managing different Hardware Security Modules (HSMs).

Responsibility

{project-name}-Administrator

Working tool(s)

Browser, {project-name} UI web application for {project-name}-Admin.

Precondition/input

The {project-name} platform is up and running.

The administrator is logged into the {project-name} UI.

An HSM is running and responsive.

The user has to be on the HSMs page (see Table 6 step 1).

Postcondition/output

  • A new HSM connection was created.

  • An HSM connection was modified.

  • An HSM connection was deleted.

Remarks

The {project-name} supports the following HSMs:

  • Utimaco

  • Utimaco eID

  • (Java Keystore)

Table 5. Process steps: HSMs (Create, Modify, Delete)
Process steps

01

Displaying the HSM object list

  1. Select the “HSMs” item to switch to the HSMs overview.

02

Create a new HSM by following these steps (see Image 3):

  1. Select the button “Create”;

  2. Type in a name for the HSM;

  3. Select your HSM type from the Drop-Down Menu “Type”;

  4. Type in a location for your HSM (e.g. Darmstadt);

  5. Add the address of your HSM;

  6. Add an entity for the HSM;

  7. If necessary, add a user by clicking the “Add HSM user” button;

  8. Add the respective User-ID and select the User-Type and the Authentication method. Finally, set the password for the user. Click on the “Delete” button to remove the HSM user.
    (For KeystoreHSMs: there should be exactly 1 KeyManagementAndUsage user)

  9. Click “Save” to store the HSM connection or click “Reset” to discard the input;

  10. To verify your HSM connection, click “Verify HSM connection”.

03

To edit an HSM connection, follow these steps:

  1. Select the HSM connection you want to modify by clicking on the respective “Edit” button.

  2. Change the respective value and click “Save” to save the changes, or “Reset” to discard them.

04

For the deletion of an HSM connection, follow these steps:

  1. Choose the HSM connection you want to delete from the HSM list and click on the “Edit” button.

  2. Click on the “Delete” button to delete the HSM.

A pop-up window appears. Click “OK” to delete the HSM connection or “Cancel” to return to the previous view.

Figure 2 "Create HSM"

P-MLCA-ADM-04 – CAs (Create, Modify, Delete, Download Certificate)

Table 6. Profile: CAs (Create, Modify, Delete, Download Certificate)
Profile

Designation

P-MLCA-ADM-04 – CAs (Create, Modify, Delete)

Purpose

The {project-name} is capable of creating and managing CAs, SubCAs and their respective certificates. Certificates can also be downloaded through the {project-name} UI.

Responsibility

{project-name} Administrator

Working tool(s)

Browser, {project-name} UI web application for {project-name} Admin.

Precondition/input

The {project-name} is up and running.

The administrator is logged into the {project-name} UI.

The user has to be on the CAs page (see Table 8 step 1).

Postcondition/output

  • A new CA or SubCA has been created.

  • An existing CA or SubCA has been modified.

  • An existing CA or SubCA has been deleted.

  • A certificate of a CA or SubCA has been downloaded.

Remarks

None

Table 7. Process steps: CAs (Create, Modify, Delete, Download Certificate)
Process steps

01

Displaying the CAs object list

  1. Select the “CAs” item to switch to the CAs overview.

02

Create a new CA by following these steps (see Image 4):

  1. Select the button “Create”;

  2. Type in a name for your CA;

  3. Select the type of your CA. For the creation of a Root-CA move on to the next step. If you’re going to create a SubCA, add the respective Root-CA for the signing of your certificate;

  4. Select an HSM;

  5. Select the respective certificate template.

  6. Select the duration of the certificate’s validity.

  7. Type in your Distinguished Name.

  8. Add an optional URL for the CA.

  9. Click “Save” to store the CA or click “Reset” to discard the input.

03

To edit a CA or a SubCA, follow these steps:

  1. Select the CA you want to modify by clicking on the respective “Edit” button.

  2. Change the respective value and click “Save” to save the changes, or “Reset” to discard them.

04

For the deletion of a CA, follow these steps:

  1. Choose the CA you want to delete from the CA list and click on the “Edit” button.

  2. Click on the “Delete” button to delete the CA.

A pop-up window appears. Click “OK” to delete the CA or “Cancel” to return to the previous view.

05

To download a certificate, follow these steps:

  1. From the CA list, choose the CA whose certificate you want to download and click on the “Edit” button.

  2. Click on "Download" to save the certificate as a .pem file.

Figure 3 "Create CA"