DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
Public Key Infrastructures
A public-key infrastructure (PKI) is a system of digital certificates and certification authorities (CAs) that verify and authenticate the validity of each party involved in a transaction through the use of public key cryptography. To have a PKI, the switch requires the following:
• A public key
• A private key
• Digital certificates
• A CA
• A secure place to store the private key
A PKI enables you to securely exchange and validate digital certificates between switches, servers, and users so that each device can authenticate itself to the others.
Public and Private Keys
D-Link’s identity-based networking uses public key cryptography to enforce the privacy of
data transmitted over the network. Using public-private key pairs, users and devices can
send encrypted messages that only the intended receiver can decrypt.
Before exchanging messages, each party in a transaction creates a key pair that includes the public and private keys. The public key encrypts data and verifies digital signatures, and the corresponding private key decrypts data and generates digital signatures. Public keys are freely exchanged as part of digital certificates. Private keys are stored securely.
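The two roles of a key pair described above can be exercised directly with the OpenSSL command line. The script below is an added example, not part of the DWS-1008 manual or of any D-Link software; it assumes the openssl CLI is installed on the administrator's workstation and works entirely in a temporary directory. The message text is constructed for the example, and the choice of RSA-OAEP padding for the encryption step is the example's own (the manual does not specify an algorithm). It shows the two checks a practitioner cares about: a signature made with the private key verifies with the public key but fails on a tampered message, and data encrypted with the public key can only be recovered with the private key.

```shell
#!/bin/sh
# Added example: public/private key roles with OpenSSL (not D-Link code).
set -eu

keypair_demo() {
    dir=$(mktemp -d)

    # Each party creates a key pair. The private key never leaves this directory...
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/switch.key" 2>/dev/null
    # ...and only the public key is handed out (on the switch, inside a certificate).
    openssl pkey -in "$dir/switch.key" -pubout -out "$dir/switch.pub"

    # Constructed sample message for the demonstration.
    printf 'RADIUS shared secret rotation: batch 1' > "$dir/msg.txt"

    # 1. The private key generates a digital signature; the public key verifies it.
    openssl dgst -sha256 -sign "$dir/switch.key" -out "$dir/msg.sig" "$dir/msg.txt"
    openssl dgst -sha256 -verify "$dir/switch.pub" -signature "$dir/msg.sig" \
        "$dir/msg.txt" >/dev/null

    # A modified message must NOT verify against the original signature.
    printf 'RADIUS shared secret rotation: batch 2' > "$dir/tampered.txt"
    if openssl dgst -sha256 -verify "$dir/switch.pub" -signature "$dir/msg.sig" \
        "$dir/tampered.txt" >/dev/null 2>&1; then
        echo "ERROR: tampered message verified" >&2
        rm -rf "$dir"
        return 1
    fi

    # 2. The public key encrypts; only the holder of the private key can decrypt.
    #    OAEP padding is the example's choice; use the same mode on both sides.
    openssl pkeyutl -encrypt -pubin -inkey "$dir/switch.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$dir/msg.txt" -out "$dir/msg.enc"
    openssl pkeyutl -decrypt -inkey "$dir/switch.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$dir/msg.enc" -out "$dir/msg.dec"
    if [ "$(cat "$dir/msg.txt")" != "$(cat "$dir/msg.dec")" ]; then
        echo "ERROR: decrypted text does not match original" >&2
        rm -rf "$dir"
        return 1
    fi

    rm -rf "$dir"
    echo "keypair demo ok: signature verified, tampering detected, decryption matched"
    return 0
}

keypair_demo
```

On the switch the private key is generated and stored on the device itself; this script only reproduces the cryptographic roles so that the behaviour can be observed, and it deletes the temporary key material when it finishes.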
Digital Certicates
Digital certicates bind the identity of network users and devices to a public key. Network
users must authenticate their identity to those with whom they communicate, and must be
able to verify the identity of other users and network devices, such as switches and RADIUS
servers.
The D-Link MobileLAN system supports the following types of X.509 digital certificates:
• EAP certificate - Used by the switch to authenticate itself to EAP clients.
• Certificate authority (CA) certificates - Used by the switch in addition to the certificates listed above, when those certificates are from the CA.
The Admin and EAP certificates can be generated by the switch (self-signed) or generated and signed by a CA. If they are signed by a CA, the CA's own certificate is also required.
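The two ways of obtaining a switch certificate described above, self-signed or CA-signed, and the reason the CA's own certificate is needed in the second case, can be reproduced with OpenSSL. The script below is an added example, not part of the DWS-1008 manual or of any D-Link software; it assumes the openssl CLI on an administrator workstation, and the switch name dws-1008-eap.example.net and the CA name "Example Corp Internal CA" are hypothetical. It generates a self-signed EAP certificate, then a CA-signed one from a certificate signing request, and checks with openssl verify that the CA-signed certificate validates only when the CA certificate is trusted.

```shell
#!/bin/sh
# Added example: self-signed vs CA-signed switch certificates (not D-Link code).
set -eu

cert_demo() {
    dir=$(mktemp -d)
    subj_eap="/CN=dws-1008-eap.example.net"   # hypothetical switch identity
    subj_ca="/CN=Example Corp Internal CA"    # hypothetical CA identity

    # Option A: self-signed EAP certificate. The switch signs its own public key,
    # so every peer must explicitly trust this exact certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/eap-self.key" \
        -out "$dir/eap-self.crt" -subj "$subj_eap" -days 365 2>/dev/null
    # Verifying it against itself as the trust anchor succeeds...
    openssl verify -CAfile "$dir/eap-self.crt" "$dir/eap-self.crt" >/dev/null

    # Option B: CA-signed. The CA has its own (self-signed) certificate...
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.crt" -subj "$subj_ca" -days 3650 2>/dev/null
    # ...the switch creates a key pair and a signing request carrying only the
    # public key and identity (the private key stays with the switch)...
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/eap.key" \
        -out "$dir/eap.csr" -subj "$subj_eap" 2>/dev/null
    # ...and the CA signs the request, binding the identity to the public key.
    openssl x509 -req -in "$dir/eap.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/eap.crt" -days 365 2>/dev/null

    # The issuer field of the signed certificate names the CA.
    issuer=$(openssl x509 -in "$dir/eap.crt" -noout -issuer)
    case "$issuer" in
        *"Example Corp Internal CA"*) ;;
        *) echo "ERROR: unexpected issuer: $issuer" >&2; rm -rf "$dir"; return 1 ;;
    esac

    # A peer that trusts ca.crt can validate the switch certificate.
    openssl verify -CAfile "$dir/ca.crt" "$dir/eap.crt" >/dev/null

    # A peer that does not hold the CA certificate (here it only trusts the
    # unrelated self-signed cert) cannot build the chain, so verify must fail.
    if openssl verify -CAfile "$dir/eap-self.crt" "$dir/eap.crt" >/dev/null 2>&1; then
        echo "ERROR: CA-signed certificate verified without the CA certificate" >&2
        rm -rf "$dir"
        return 1
    fi

    rm -rf "$dir"
    echo "cert demo ok: self-signed verifies against itself; CA-signed needs ca.crt"
    return 0
}

cert_demo
```

This is why the manual requires the CA's certificate alongside a CA-signed Admin or EAP certificate: without it the switch (and its peers) have no trust anchor from which to validate the chain. With a self-signed certificate there is no chain at all, so the certificate itself has to be distributed to every party that must trust it.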