Diploma Thesis 2004 (DA04): Thesis Archive
 
DA Wna 04/2 - WebPKI - A webbased Public Key Infrastructure
Students: Stefan Gabathuler, gabatste
  Andre Lobsiger, lobsiand

Supervisor: Nathalie Weiler, wna

This thesis describes the concept and implementation of a web-based Public Key Infrastructure (PKI) called WebPKI. The solution was developed for QBITS Ltd., located in Embrach, Switzerland. The application can be used stand-alone or within a QBITS-developed product.

The use of insecure communication networks based on the basic Internet Protocol demands specific solutions to ensure the security of reference data. WebPKI is a solution for managing asymmetric keys and X.509 certificates used to encrypt, decrypt, sign and verify data electronically. One of the main requirements is to provide a user-friendly GUI. The complexity of handling the keys used to communicate with other persons or systems corresponds to the number of key pairs used for the different types of communication. WebPKI allows its users to keep an overview within the appliance.

To implement the solution, the open source package OpenSSL by Eric A. Young and Tim J. Hudson is used to manage X.509 certificates. To use OpenSSL functionality from Perl, the OpenCA Perl module by Massimiliano Pala covers most of the requirements. The implementation uses the OpenCA Perl module to manage the Root-CA-Certificate, Intermediate-Certificates and Client-Certificates. Individual features are assigned as follows:

  • Root-CA-Certificate (self-signed) can provide signing requests to establish mutual trust with future communication partners, based on unique Client-Certificates.
  • Intermediate-Certificates, signed by public certification authorities, can be included. These are issued by companies like VeriSign or Entrust or by a government department. This concept raises the mutual trust to a higher hierarchical level. It is feasible to use them instead of the Root-CA-Certificate.
  • For daily usage, so-called Client-Certificates are managed. These are intended to encrypt, decrypt, sign and verify reference data transferred electronically between communication p