Technical information
Watson-SHDSL-Router-GUI-Manual.doc
Version 2.3-03
Watson SHDSL Router
Web-based Management Manual
Revision: 2012-02-29
• The serial number of the certificate: the entity (application or person) that created the certificate is responsible for assigning it a unique serial number to distinguish it from other certificates it issues. This information is used in numerous ways; for example, when a certificate is revoked, its serial number is placed on a Certificate Revocation List (CRL).
• The certificate holder's unique identifier: this name is intended to be unique across the Internet. A DN consists of multiple subsections and may look something like this: CN=John Smith, EMAIL=Watson@schmid-telecom.com, OU=R&D, O=Schmid-Telecom, C=CH (These refer to the subject's Common Name, Organizational Unit, Organization, and Country.)
• The certificate's validity period: the certificate's start date/time and expiration date/time; indicates when the certificate will expire.
• The unique name of the certificate issuer: the unique name of the entity that signed the certificate. This is normally a CA. Using the certificate implies trusting the entity that signed this certificate. (Note that in some cases, such as root or top-level CA certificates, the issuer signs its own certificate.)
• The digital signature of the issuer: the signature using the private key of the entity that issued the certificate.
• The signature algorithm identifier: identifies the algorithm used by the CA to sign the certificate.
9.9.4.2 Watson Certificate Stores
Watson maintains two certificate stores:
1. Watson Local Store: This store contains a list of approved certificates that are used to identify Watson to its clients. The list also includes certificate requests that are pending a CA's endorsement. You can obtain certificates for Watson using the following methods:
   • Requesting an X509 Certificate: This method creates both a private and a matching public key. The public key is then sent to the CA to be certified.
   • Creating a Self-Signed Certificate: This method is the same as requesting a certificate, only the authentication of the public key does not require a CA. This is mainly intended for use within small organizations.
   • Loading a PKCS#12 Format Certificate: This method loads a certificate using an already available and certified set of private and public keys.
2. Certificate Authority (CA) Store: This store contains a list of the trusted certificate authorities, which is used to check certificates presented by Watson clients.
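The two key-generating Local Store methods above, reproduced with the OpenSSL command line as an added example (not part of the Watson manual or firmware); it also prints the certificate fields listed in the previous section. The file names, the 2048-bit RSA key and the 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example (OpenSSL CLI, not Watson's own implementation).
# SUBJ reuses CN, OU, O and C from the manual's sample DN; file names are assumptions.
SUBJ='/C=CH/O=Schmid-Telecom/OU=R&D/CN=John Smith'
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Requesting an X509 certificate: new key pair plus a request signed with the
# new private key. Only req.csr is sent to the CA; req.key stays local.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$WORK/req.key" -out "$WORK/req.csr" 2>/dev/null
}

# Check a CA runs on receipt: the request's signature verifies against the
# public key it carries (proof of possession of the private key).
request_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Creating a self-signed certificate: same key generation, but the new private
# key signs the certificate itself, so no CA is involved.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "$SUBJ" \
        -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Print one field of a certificate: $2 is serial, subject, issuer or dates.
cert_field() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 |
        sed -e 's/^subject= *//' -e 's/^issuer= *//'
}

# Self-signed means issuer and subject are the same name and the certificate's
# signature verifies under its own public key.
is_self_signed() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

make_request && request_signature_ok "$WORK/req.csr" && echo "CSR signature: OK"
make_self_signed && is_self_signed "$WORK/self.crt" && echo "self.crt: self-signed"
for f in serial subject issuer dates; do cert_field "$WORK/self.crt" "$f"; done
```

A certificate returned by a CA for req.csr would fail the `is_self_signed` name comparison, because its issuer field carries the CA's name rather than the subject's.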
9.9.4.2.1 Requesting an X509 Certificate
To obtain an X509 certificate, you must ask a CA to issue you one. You provide
your public key, proof that you possess the corresponding private key, and some
specific information about yourself. You then digitally sign the information and send
the whole package – the certificate request – to the CA. The CA then performs
some due diligence in verifying that the information you provided is correct and, if
so, generates the certificate and returns it. You might think of an X509 certificate as
looking like a standard paper certificate with a public key taped to it. It has your