Manualshelf

User`s guide

ManualsBrandsProxicast ManualsComputer equipmentLAN-Cell 2
251252253254255256257258259260
Chapter 11 Certificates Screens
LAN-Cell 2 User’s Guide
256
The LAN-Cell uses certificates based on public-key cryptology to authenticate users
attempting to establish a connection, not to encrypt the data that you send after establishing a
connection. The method used to secure the data that you send through an established
connection depends on the type of connection. For example, a VPN tunnel might use the triple
DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the
certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a
certificate. The LAN-Cell does not trust a certificate if any certificate on its path has expired or
been revoked.
Certification authorities maintain directory servers with databases of valid and revoked
certificates. A directory of certificates that have been revoked before the scheduled expiration
is called a CRL (Certificate Revocation List). The LAN-Cell can check a peer’s certificate
against a directory servers list of revoked certificates. The framework of servers, software,
procedures and policies that handles keys is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
The LAN-Cell only has to store the certificates of the certification authorities that you
decide to trust, no matter how many devices you need to authenticate.
Key distribution is simple and very secure since you can freely distribute public keys and
you never need to transmit private keys.
Self-signed Certificates
You can have the LAN-Cell act as a certification authority and sign its own certificates.
Verifying a Certificate
Before you import a trusted CA or trusted remote host certificate into the LAN-Cell, you
should verify that you have the actual certificate. This is especially true of trusted CA
certificates since the LAN-Cell also trusts any valid certificate signed by any of the imported
trusted CA certificates.
A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms.
You can use a certificate’s fingerprint to verify it. The following procedure describes how to
check a certificate’s fingerprint to verify that you have the actual certificate.
1 Browse to where you have the certificate saved on your computer.
2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
Figure 155 Certificates on Your Computer