Specifications

Authentication Using Certificates
92 AVM Access Server – 5 AVM Access Server Concepts and Functional Principles
Asymmetrical Encryption Techniques
Asymmetrical or “public key” encryption techniques do not use the same key for encryption and decryption. Rather, a pair of keys is required with the following properties:
Neither key can be reconstructed from the other.
Either key can be used for encryption, but a string encrypted with one key can only be decrypted with the other key.
One key is made publicly available, while the other is kept strictly secret.
Certification Authorities in the AVM Access Server
Certification authorities can be created in the “Security” folder in the AVM Access Server window. These certification authorities can then issue digital certificates for remote users and remote networks.
The creation of a certification authority entails the generation of a “root certificate”, which is shown on the “Trusted Certification Authorities” dialog page in the “Security / Certificate management” folder.
The AVM Access Server trusts only those certification authorities for which a root certificate is present.
In authentication of remote VPN sites, the Access Server only accepts certificates issued by a trusted certification authority.
If you want the Access Server to accept certificates issued by an external certification authority, then you must import the public part of its root certificate.
Certificates in the AVM Access Server
The certificates used in the AVM Access Server are digital public-key certificates in conformance with ITU-T Recommendation X.509. The certificates are saved for export in the standard PKCS#12 format.
A certificate consists of:
a list of properties of the applicant (i.e., the remote user or network)
a public key
the digital signature of the certification authority
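
The trust rule and the certificate format described in the two sections above can be reproduced with the OpenSSL command line. This is an added example, not AVM's own tooling or part of the original manual. The CA names, user names, password and file layout are constructed for the demonstration, and the trust store is modelled as a plain PEM file of root certificates.

```shell
#!/bin/sh
# Added example: constructed names, subjects and password; not AVM's tooling.

# Create a certification authority: a key pair plus a self-signed root certificate.
make_ca() {  # make_ca DIR NAME
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Issue a certificate: applicant properties + public key, signed by the CA.
issue_cert() {  # issue_cert DIR CA USER
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# Bundle certificate, private key and issuing root into a PKCS#12 file.
export_p12() {  # export_p12 DIR CA USER PASSWORD
  openssl pkcs12 -export -inkey "$1/$3.key" -in "$1/$3.crt" \
    -certfile "$1/$2.crt" -passout "pass:$4" -out "$1/$3.p12"
}

# Accept a certificate only if it chains to a root in the trust store file.
is_trusted() {  # is_trusted TRUSTED_ROOTS_PEM CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

run_demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" demo-root && make_ca "$d" external-ca || return 1
  issue_cert "$d" demo-root alice && issue_cert "$d" external-ca bob || return 1
  export_p12 "$d" demo-root alice demo-password || return 1
  cp "$d/demo-root.crt" "$d/trusted.pem"        # trust store: own root only
  is_trusted "$d/trusted.pem" "$d/alice.crt" && echo "alice: accepted"
  is_trusted "$d/trusted.pem" "$d/bob.crt" || echo "bob: rejected"
  cat "$d/external-ca.crt" >> "$d/trusted.pem"  # import the external root (public part only)
  is_trusted "$d/trusted.pem" "$d/bob.crt" && echo "bob: accepted after import"
  rm -rf "$d"
}

run_demo
```

Only the external CA's certificate is appended to the trust store; its private key never leaves the external CA.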