XSR User's Guide, Chapter 11: Configuring the Virtual Private Network
Describing Public-Key Infrastructure (PKI)
With RSA it is also possible to apply your private key to data and to reverse the
operation with the public key. That gives no confidentiality, because anyone who
holds the public key can reverse it, so it is not used to protect sensitive data;
it is, however, the basis of digitally signing data. Instead of processing the
data itself, the signing software computes a one-way hash of the data, then
applies your private key to that hash. The signed hash, along with other
information such as the identity of the hashing algorithm, is known as a digital
signature. Anyone holding the signer's public key can recompute the hash and
verify the signature; if the data was altered after signing, or the signature
was produced with a different private key, verification fails.
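The following is an added example and is not code from the XSR User's Guide or from the router's own software. It uses the Go standard library (RSA with PKCS#1 v1.5 and SHA-256, chosen here as one concrete instance of the scheme described above) to show the two halves of the procedure: hash the data and sign the hash with the private key, then verify with the public key. It also shows that a tampered message or a different key pair fails verification, and that anyone with the public key can recover the signed hash from the signature, which is why a private-key operation is no substitute for encryption. The sample message is constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// SignData follows the procedure in the text: hash the data (SHA-256), then
// apply the private key to the digest. RSA PKCS#1 v1.5 signing is the
// operation the text describes as applying the private key to the hash.
func SignData(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyData recomputes the digest and checks the signature with the public
// key; it succeeds only if the data is unchanged and the signer held the
// matching private key.
func VerifyData(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// DigestFromSignature shows why a private-key operation gives no
// confidentiality: anyone holding the public key can undo it. Computing
// sig^e mod n yields the PKCS#1 v1.5 encoded block, whose final 32 bytes
// are the SHA-256 digest that was signed.
func DigestFromSignature(pub *rsa.PublicKey, sig []byte) []byte {
	s := new(big.Int).SetBytes(sig)
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).Bytes()
	return em[len(em)-sha256.Size:]
}

// Result collects the outcomes of the demonstration in Demo.
type Result struct {
	GenuineOK, TamperedOK, WrongKeyOK bool
	RecoveredDigestMatches          bool
}

// Demo signs a constructed sample message and checks it three ways:
// with the right key, on tampered data, and with an unrelated public key.
func Demo() (Result, error) {
	var r Result
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key pair
	if err != nil {
		return r, err
	}
	msg := []byte("constructed sample data to be signed") // constructed input
	sig, err := SignData(priv, msg)
	if err != nil {
		return r, err
	}
	r.GenuineOK = VerifyData(&priv.PublicKey, msg, sig)

	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01 // flip a single bit after signing
	r.TamperedOK = VerifyData(&priv.PublicKey, tampered, sig)

	r.WrongKeyOK = VerifyData(&other.PublicKey, msg, sig)

	want := sha256.Sum256(msg)
	got := DigestFromSignature(&priv.PublicKey, sig)
	r.RecoveredDigestMatches = string(got) == string(want[:])
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	// GenuineOK:true TamperedOK:false WrongKeyOK:false RecoveredDigestMatches:true
	fmt.Printf("%+v\n", r)
}
```

The recovered-digest check is the practical point behind "not desirable when you are encrypting sensitive data": the signature hides nothing from anyone who has the public key, it only proves who produced it.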
Certificates
A certificate is an electronic document that identifies an individual, server,
company, or other entity and binds that identity to a public key. Like a
driver's license, a passport, or another personal ID, it is proof of identity
issued by a party the verifier trusts. PKI uses certificates to address the
problem of impersonation.
Certificate Authorities (CAs) validate identities and issue certificates. They
can be either independent third parties or organizations running their own
certificate-issuing server software. At this time, the XSR supports the
Microsoft CA.
The methods used to validate an identity vary depending on the policies of a
given CA, just as the methods used to validate other forms of identification
vary depending on who is issuing the ID and the purpose for which it will be
used. In general, before issuing a certificate, the CA must apply its
published verification procedures for that type of certificate to ensure that
the entity requesting the certificate is in fact who it claims to be.
The certificate issued by the CA binds a particular public key to the name of
the entity the certificate identifies (such as an employee or server name).
This prevents an attacker from substituting a public key of their own in order
to impersonate that entity: a relying party accepts only the public key the CA
has certified, and only the entity holding the matching private key can prove
possession of it, for example by producing a signature that verifies under
that public key.
In addition to the public key, a certificate always includes the name of the
entity it identifies (the subject), a validity period with an expiration date,
the name of the CA that issued it, a serial number, and other data. Most
importantly, a certificate always carries the digital signature of the issuing
CA, computed over the certificate's contents, so any change to those contents
invalidates it. The CA's signature allows the certificate to function as a
letter of introduction for users who know and trust the CA but do not know the
entity identified by the certificate: anyone holding the CA's public key can
check that the CA really issued it, and a certificate whose signature does not
verify under a trusted CA's key is rejected.
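The following is an added example and is not code from the XSR User's Guide or from the router's own software. It uses the Go standard library to build a small PKI of the kind described above: a self-signed CA, a server certificate the CA issues (carrying the subject name, validity period, issuer name, serial number and CA signature listed in the text), and a check that a relying party who trusts only the CA accepts that certificate. It then shows the impersonation the text says certificates prevent: an attacker generates their own key pair and a self-signed certificate copying the server's name and serial number, and the relying party rejects it because the signature does not verify under the trusted CA's key. The CA and server names are hypothetical; real deployments would of course use the XSR's configured CA rather than a CA created in code.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI holds the constructed demo CA and the certificate it issued.
type PKI struct {
	CA     *x509.Certificate
	Server *x509.Certificate
}

// issue signs tmpl with signerKey on behalf of parent and returns the parsed
// certificate. For a self-signed certificate, parent is tmpl itself.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signerKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a root CA and issues a server certificate under it. The
// issuer name is copied from the CA by CreateCertificate, and the CA's
// signature over the whole certificate is produced by the same call.
func BuildPKI() (*PKI, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Root CA"}, // hypothetical
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	serverTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4711),
		Subject:      pkix.Name{CommonName: "vpn.example.com"}, // hypothetical
		DNSNames:     []string{"vpn.example.com"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(30 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	server, err := issue(serverTmpl, ca, &serverKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &PKI{CA: ca, Server: server}, nil
}

// TrustedBy is the relying party's check: cert must chain to root, be within
// its validity period, name the expected host, and carry a signature that
// verifies under the root's public key.
func TrustedBy(cert, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: "vpn.example.com"})
	return err == nil
}

// Impostor builds the attack the text says certificates prevent: a fresh key
// pair and a self-signed certificate that copies the real server's name and
// serial number. Nothing in it is signed by the trusted CA.
func Impostor() (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4711),
		Subject:      pkix.Name{CommonName: "vpn.example.com"},
		DNSNames:     []string{"vpn.example.com"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(30 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return issue(tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	pki, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	fake, err := Impostor()
	if err != nil {
		panic(err)
	}
	fmt.Printf("issuer=%q serial=%s expires=%s\n", pki.Server.Issuer.CommonName,
		pki.Server.SerialNumber, pki.Server.NotAfter.Format(time.RFC3339))
	fmt.Println("genuine trusted:", TrustedBy(pki.Server, pki.CA))
	fmt.Println("impostor trusted:", TrustedBy(fake, pki.CA))
}
```

The impostor's certificate is internally consistent (its own signature verifies under its own key), which is exactly why a relying party must anchor trust in a CA it already knows rather than in anything the presented certificate says about itself.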