| The PKI (Public Key Infrastructure) technology based on public key is already proved to be an effective infrastructure, which can provide confidentiality, integrity, authentication and non-repudiation for all kinds of internet applications. The core of PKI is the certificate and the owner’s asymmetric keys included in the certificate, so the validation of certificate is one of the most important components of the PKI technology.The traditional method of certificate validation is to use CRL (Certificate Revocation List). Although there have some more applicable solutions for CRL, the OCSP (Online Certificate Status Protocol) is more suitable for some sensitive and important applications, such as online E-commerce which needs online certificate status to provide real time security.NetCA is a certificate authenticate platform for Guangdong Electronic Certificate Authority. NetCA aims to provide online certificate confidence service for E-Commerce applications in Guangdong province. The OCSP component is designed and implemented by the author as an important part of NetCA. It is to provide OCSP implementation, programming interface for end users, and high performance online certificate validation service for E-commerce applications. This gives a high performance OCSP implementation based on the requirements of Guangdong Electronic Certificate Authority and OCSP standard. The high performance is implemented by pre-signature, multithread and master-slave distributed response model, putting the interface on popular web server in CGI format. In this way, it can provide concurrent and persistent online certificate validation. The design, implementation and test for this solution are illustrated in this article... |
PDF Full Text Request