ICTA has set up a Certification Authority to facilitate trusted electronic communications within the Government of Sri Lanka. Lanka Government Network Certificate Authority (LGNCA) is designed to facilitate the digital certificate requirements of public sector organizations in Sri Lanka. LGN-CA will issue digital certificates to organizations after following a specified request validation and approval procedure. This procedure will determine if an organization or a user requesting a digital certificate is eligible for such a facility under the LGN. It is expected that an LGN-CA issued digital certificate will become a principal requirement for accessing a wide range of services offered on the LGN.
A digital certificate issued by LGN-CA can be used in many software applications to provide confidentiality through encryption, authenticity and non-repudiation through digital signatures, identification and authorization through authentication protocols, shared secret key distribution for secure session management, etc. Applications provided on the LGN can use these security services to ensure privacy of users on LGN, data protection and compliance with the law as specified in Electronic Transactions Act and Computer Crimes Act.
The public key infrastructure (PKI) capabilities provided by LGN-CA including digital certificate issuance, renewal, revocation and status verification can be used to implement access control policies to resources hosted on the LGN. The LGN-CA operating model is based on providing different types of digital certificate classes to match different organizational policy requirements.
LGN CA will issue different classes of certificates. These classes will depend on the usage of the certificate.
-
Server Certificates: Server certificates will be issued to Government and Private sector organizations for their systems. These certificates will be used in the application servers of their organization such as its web site, file or mail servers. As LGN will host many web based applications, availability of digital certificates is especially important to web servers in their operation for setting up secure sessions and transfer of data.
As one of LGN-CA’s first services, it November 2009, it started issuing server certificates for all the Insurance companies and Emission centre as “eRevenue Licence” eGovernment Service went on-line. eRL has enabled citizens to obtain the vehicle revenue license by completing all requirements and payments as a web service using the country portal - www.srilanka.lk
-
User Certificates: These certificates will be issued to individual users of the LGN
for authentication, signing and encryption of email and digital documents. Individual user certificate may be used for other purposes, provided that a relying party is able to reasonably rely on that certificate and the usage is not otherwise prohibited by law.
LGN Certificate Authority is planning to enable GoSL Officials with the ability to encrypt and digitally sign documents and e-mails in the near future in compliance with the Electronic Transaction Act and eGovernment Policy.
Current Issues
Ideally the CA process should work as follows.
Certification authority (CA) certificates are certificates that are issued by one CA to another CA. These CA certificates become a part of the certificate trust hierarchy, the certificate path from end-entity certificates to the trusted root CA certificate.
The first CA certificate issued in a public key infrastructure (PKI) is a root certificate, issued by a CA to itself. Once a root CA has been created, it can be used to issue, sign, and validate CA certificates that are issued to other CAs.
However LGN CA certificate is yet to be issued and signed by a parent CA.
(In Sri Lanka there are more Certifications Authorities facing the same issue. i.e. Lanka Clear - LANKASIGN ).
Sri Lanka is yet to create its National Level CA which should ideally issue the certificates to LGN CA and LANKASIGN CA and sign those certificates with its root certificate.
Once National CA is created it should sign the certificates of LGN CA and LANKASIGN CA and then inform all international CAs and web browser developers to accept and include its certificate in their products. Once Sri Lankan National CA certificate is accepted by those entities LGN CA would be automatically accepted by all browsers as its parent CA would have already been accepted by then.
Until then there would be problems such as web browsers showing the messages similar to "This connection is untrusted" or "There is a problem with this web site's security certificate" when the web applications which use LGN CA certificates are accessed. Therefore the citizens using the online solutions such as eRevenue License solution which have been certified by LGN CA will get the same warning message. eRevenue License online application users are advised to go through the attachment which explains how to overcome this temporary issue. It can be found at the bottom of this page"
Some useful links on CA:
http://en.wikipedia.org/wiki/Certification_authority
http://technet.microsoft.com/en-us/library/cc737264%28WS.10%29.aspx
http://www.lankaclear.com/inpages/news/a_milestone_in_the_financial_industry.shtml
http://www.icta.lk/si/policy-leadership-and-institutional-development/584-lankasign-certificate-authority-launched.html"
| File | Description | Order | File size |
|---|---|---|---|
 Instructions for adding LGN certificates | Instructions to overcome issues related to web browsers not accepting LGN certificates | 373 Kb |
Share Link: 
