topic Re: Experienced at VMS, new to certificate environment in Operating System - OpenVMS

Experienced at VMS, new to certificate environment

Richard W Hunt — Wed, 16 May 2007 10:42:24 GMT

I am at a site trying to convert to use of USA Dept of Defense PKI-based certificates. We have OpenVMS 7.3-2 with all patches through this month. TCPIP 5.4 ECO6. We haven't loaded any certificates yet.

Our user environment is based on a Windows domain that requires PKI/ Computer Access Card (CAC) to log in. User will connect to our OpenVMS box using Reflections, probably v11 or later. They have an SSH mode of operation, which we will of course test for compatibility.

I have read over the OVMS documentation set but merely confused myself. Can someone comment on any success they have had with a similar environment and perhaps offer a short bullet list of steps I'll need to make this puppy work?

Re: Experienced at VMS, new to certificate environment

Hoff — Wed, 16 May 2007 11:30:16 GMT

You'll need to acquire or to create the software needed to tie OpenVMS into the authentication. That's probably the most central key piece of this all, and it depends on what sort of distributed authentication is being used.

Certificates for SSH allow the client and the server to be tied together and authenticated, but don't (out of the box) involve token-based authentication.

Software "behind the scenes" and usually based on or tied into ACME can allow this distributed authentication. If that's via LDAP, all the better, as that's available.

Some reading material, if you have not already seen it: http://h71000.www7.hp.com/solutions/mail.html
http://h71000.www7.hp.com/openvms/security.html

Re: Experienced at VMS, new to certificate environment

Ian Miller. — Wed, 16 May 2007 15:07:57 GMT

Re: Experienced at VMS, new to certificate environment

Richard W Hunt — Wed, 23 May 2007 09:37:07 GMT

OK, let's say I'm interested in getting as close as I can to the above stated environment. There are ways of getting waivers on the fine details if I can get close. So...

How close can I come starting from out of the box and without buying any more software than minimally necessary? If I have a working SSH client and some certificates on the box, can I at least get SOME level of certificate usage activated?

Re: Experienced at VMS, new to certificate environment

Richard W Hunt — Fri, 07 Dec 2007 17:59:00 GMT

Update: Between the SSH utilities and OpenSSL 1.3 I am able to get pretty close. The project was put on hold so I have left it behind for a while. Other upgrades and migrations to different platforms and just generally chaotic operations. A normal Navy day. But after 1/1/08 we will be getting back to this topic. I'll close this post and start a new one when I get somewhere.

Re: Experienced at VMS, new to certificate environment

Richard W Hunt — Fri, 07 Dec 2007 17:59:41 GMT

Closing thread - I'll create a new thread when I need one.