Specifications

Authentication Using Certificates
AVM Access Server – 5 AVM Access Server Concepts and Functional Principles 93
When a certificate is issued, a key pair is generated consisting of a
public and a private key. The public key is a component of the
certificate, while the private key is given to the applicant alongside
the certificate in the PKCS#12 file.
The AVM Access Server manages all the certificates issued by its
certification authorities, along with their key pairs, in an internal
list. Each certification authority’s certificates are listed on its
“Certificates Issued” dialog page.
The certificates listed can also be revoked, and are then added to the
issuing certification authority’s certificate revocation list, or CRL.
Revoked certificates can no longer be used for authentication.
Revocation of a certificate is irreversible.
Authentication Using Certificates with the AVM Access Server
When a remote user or a remote network presents a certificate to the
AVM Access Server to authenticate itself for a VPN connection, the AVM
Access Server performs the following tests:
Does the remote site possess the private key that matches the
certificate?
Is the certificate valid?
The first question is answered by the following test:
1. The AVM Access Server sends the remote system a random string.
2. The remote system generates a hash (or “fingerprint”) of the
string using the hash algorithm specified in the certificate.
3. The AVM Access Server also creates a hash fingerprint of the same
string using the same algorithm.
4. The remote site encrypts its fingerprint using the certificate’s
private key. The encrypted hash fingerprint is a digital signature.
5. The remote site sends this encrypted fingerprint to the AVM
Access Server.
6. The AVM Access Server decrypts the encrypted hash fingerprint
using the certificate’s public key.
7. Then the AVM Access Server compares the hash fingerprint created by
the remote system with the one it generated itself. If they are the
same, then it is certain that the remote site possesses the
certificate’s private key.
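The challenge-response test above, written out as an added example (not code from the AVM manual): both sides hash a random challenge, the remote site signs its fingerprint with the private key, and the server checks the signature with the certificate's public key. It assumes RSA keys with SHA-256 as the certificate's hash algorithm; the keys are generated on the spot as stand-ins for the pair issued in the PKCS#12 file.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newChallenge is step 1: the server draws a random string.
func newChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signChallenge is the remote site's part (steps 2 and 4): hash the
// challenge and sign the fingerprint with the certificate's private key.
func signChallenge(priv *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyChallenge is the server's part (steps 3, 6 and 7): recompute the
// fingerprint, recover the signed one with the public key and compare.
// VerifyPKCS1v15 performs the recovery and the comparison together.
func verifyChallenge(pub *rsa.PublicKey, challenge, signature []byte) bool {
	digest := sha256.Sum256(challenge)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// runExchange runs the whole exchange for a remote site holding priv
// against a certificate carrying pub; true means the site proved possession.
func runExchange(priv *rsa.PrivateKey, pub *rsa.PublicKey) (bool, error) {
	challenge, err := newChallenge()
	if err != nil {
		return false, err
	}
	sig, err := signChallenge(priv, challenge)
	if err != nil {
		return false, err
	}
	return verifyChallenge(pub, challenge, sig), nil
}

func main() {
	// Constructed keys: "legit" plays the pair issued with the certificate,
	// "other" a key that does not belong to that certificate.
	legit, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	ok, _ := runExchange(legit, &legit.PublicKey)
	bad, _ := runExchange(other, &legit.PublicKey)
	fmt.Println("matching private key accepted:", ok, "| foreign key accepted:", bad)
}
```

Because the challenge is fresh for every connection, a recorded signature from an earlier session does not verify again, which is why step 1 matters as much as the signature itself.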