Chapter 4. General implementation overview

Table of Contents
Initialisation of the Certification Authority
User/Server key generation and signing

We give a technical overview of the processes of creating a certificate and operating a Certification Authority.


We shall discuss here the software needed to create a usable Certification Authority.

Useful open-source software

The following software can provide the collective functionality of a Certification Authority.

  • For the Certification Authority Server, any operating system can be used. If it communicates manually with the Registration Authority (for example, data files are transferred using a floppy disk), it does not even need to have network support. However, it is recommended to use an operating system that provides some sort of assurance of its stability and from which irrelevant system or network services can easily be removed. We recommend Unix™ or Unix™-like operating systems.

  • SSL/TLS software

  • WWW server with SSL/TLS support

  • LDAP server

  • Text/Graphical Interface, possibly in Java/HTML


The PKIX standards neither suggest nor forbid the use of a WWW server for the role of a CA/RA. To remove the need to create standalone network applications for both the CA and RA, it is possible to use individual WWW servers operated by designated Operators.