2.9 CERTIFICATE LIFETIME

JPL has requested that its certificates have the following lifetimes:

• Application (Server) certificate: 1 year (renew every 11 months)
• Computer certificate: 1 year (renew every 10 1/2 months)
• Mobile device certificate: 1 year (renew every 11 months)
• Domain Controller: 1 year (renew every 11 months)
• RA, LRA: 3 years (renew every 32 months)

2.10 COMPUTER, SERVER, AND MOBILE DEVICE CERTIFICATE ISSUANCE

Information about certificate issuance is included in this architecture document. Computers, devices, and servers will be auto-enrolled using AS components hosted within the JPL network. Manual (queued) enrollment may be implemented for certificate issuance during a later phase.

3 PKI ENROLLMENT PROCESS
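The renewal schedule in section 2.9 is only useful if something checks the issued inventory against it. The following is an added example, not JPL or Entrust Datacard code: it encodes the 2.9 lifetimes and renewal intervals and classifies each certificate in a constructed inventory (hypothetical subjects, not real JPL hosts) as compliant, due for renewal, expired, or issued for longer than the policy allows.

```python
# Renewal-schedule check for the certificate classes in section 2.9.
# Added example, not JPL or Entrust Datacard code; inventory is constructed.
import calendar
from datetime import date, timedelta

# Section 2.9 policy: (maximum lifetime in months, renew after N months).
POLICY = {
    "application": (12, 11), "computer": (12, 10.5), "mobile": (12, 11),
    "domain_controller": (12, 11), "ra": (36, 32), "lra": (36, 32),
}

def add_months(d, months):
    """Advance d by a possibly fractional number of months. Whole months keep
    the day-of-month (clamped to the target month's length); the fraction is
    taken as 30-day months, so 10 1/2 months = 10 months + 15 days."""
    whole = int(months)
    extra_days = round((months - whole) * 30)
    years, month0 = divmod(d.month - 1 + whole, 12)
    year, month = d.year + years, month0 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day) + timedelta(days=extra_days)

def classify(cert, today):
    """Return 'policy-violation', 'expired', 'renew-now' or 'ok'."""
    max_months, renew_months = POLICY[cert["class"]]
    if cert["not_after"] > add_months(cert["not_before"], max_months):
        return "policy-violation"  # validity longer than section 2.9 allows
    if today >= cert["not_after"]:
        return "expired"           # renewal window missed entirely
    if today >= add_months(cert["not_before"], renew_months):
        return "renew-now"         # inside the renewal window
    return "ok"

def audit(inventory, today):
    """Map each subject to its renewal status as of `today`."""
    return {c["subject"]: classify(c, today) for c in inventory}

# Constructed sample inventory (hypothetical hosts, not real JPL systems).
INVENTORY = [
    {"subject": "app01", "class": "application",
     "not_before": date(2023, 7, 15), "not_after": date(2024, 7, 15)},
    {"subject": "ws02", "class": "computer",
     "not_before": date(2024, 1, 31), "not_after": date(2025, 1, 31)},
    {"subject": "phone03", "class": "mobile",
     "not_before": date(2024, 3, 1), "not_after": date(2026, 3, 1)},
    {"subject": "lra04", "class": "lra",
     "not_before": date(2021, 5, 10), "not_after": date(2024, 5, 10)},
]
TODAY = date(2024, 6, 30)
```

Running `audit(INVENTORY, TODAY)` flags app01 as due for renewal (past its 11-month mark), phone03 as a policy violation (two-year validity), and lra04 as expired, while ws02 is still within its 10 1/2-month window.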
For manual enrollments, CSRES-SCEP can be configured to queue requests that would require approval by the LRA for the certificate signing request. No longer requiring the reference number in the common name of the request simplifies the CSR creation.

Figure 2 – Certificate Issuance for Macs and Devices [figure components: Administrative Services; CSRES-SCEP]

3.3 CERTIFICATE REVOCATION USING THE ADMINISTRATION SERVICES

The revocation of certificates issued by the WNES will be performed by an RA or LRA using AS as shown in Figure 3 below.

Figure 3 – Certificate Revocation and User Deactivation using Administration Services

4 PRODUCTION PKI ARCHITECTURE

4.1 CONCEPTUAL MODEL

Figure 4 represents a conceptual view of the JPL Production PKI hosted by the Entrust Datacard MSO. The MSO will be used in conjunction with the JPL-locally hosted AS, WNES and CSRES-SCEP components to enroll for computer and device certificates. Please note that this is a conceptual view; it is not intended to be a complete representation of all physical components in the Entrust Datacard environment. MSO components such as firewalls, routers, load balancers, etc. have been omitted from the figure.

Figure 4 – JPL MSO Conceptual Architecture

The following components will be hosted at the MSO facilities:

1. JPL Root CA: This will be a dedicated self-signed, off-line Root CA. It will write its CA data (e.g. CA
