Certificate verification – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide

113

53-1003250-01

Configuring SSL on a Brocade Virtual ADX

6

Certificate verification

Every certificate has two very important fields: issuer (issued-by) and subject (issued-to). A CA’s
certificate has the same value in both fields, because the authority has issued a certificate to itself.
However, when the authority issues a certificate to a server, the issuer field contains the CA's
name, but the subject contains the server's name.

For example, the following server certificate was issued by Verisign (a CA):

To authenticate this server certificate, the client, for example, Firefox or IE, should have the
corresponding CA's certificate. When you open the trusted root CA page in Internet Explorer, you
can also see that entry has the same value in the issued by (issuer) and issued to (subject) fields.

This is an example of how a server certificate is issued directly by a CA. Note that in this scenario,
the server sends only its own certificate and not that of the CA.

Figure 7

shows a CA certificate.

FIGURE 7

Certificate

Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority

Subject: C=US, ST=California, L=San Jose, O=Brocade Inc, OU=L47 and Security

Group, OU=Terms of use at www.verisign.com/rpa (c)05, CN=l47qa.brocadenet.com