11 May 2018
10:45 - 11:15
Ottawa Salon 212
A Case Study on Certification and Audit of Open Source Security Software (S31a)
The EJBCA project started in 2001. Now in its 6th major version, it is used worldwide for a variety of use cases. We share our experiences of Common Criteria EAL4+ certification of open source software, and look at the value of CC certification in practice, putting it in the broader context of audit standards such as eIDAS/ETSI, the CA/Browser Forum and WebTrust. We also look at integration with FIPS 140-2 certified HSMs via PKCS#11, and discuss some examples where the static nature of a certification (a snapshot of one evaluated configuration at one point in time) is insufficient in practice.