Public key infrastructure overview, Public keys – Allied Telesis AT-S60 User Manual

Page 502

Chapter 24: Public Key Infrastructure (PKI)

Section V: Security Features

Public Key Infrastructure Overview

This chapter describes the Public Key Infrastructure (PKI) feature, Allied
Telesyn’s implementation of the feature, and how to configure PKI for
web server security. The PKI feature is part of the switch’s suite of
security modules, and consists of a set of tools for managing and using
certificates.

The tools that make up the Public Key Infrastructure allow the switch to
securely exchange public keys, while being sure of the identity of the
keyholder.

The switch acts as an End Entity (EE) in an X.509 certificate-based PKI.
More specifically, the switch can communicate with Certification
Authorities (CAs) and Certificate Repositories to request, retrieve and
verify X.509 certificates. The switch allows protocols running on the
switch, such as ISAKMP, access to these certificates. The following
sections of this chapter summarize these concepts and describe the
switch’s implementation of them.

This chapter contains the following procedures for creating and
modifying certificates:

Creating Certificates on page 508

Adding Certificates to the Database on page 513

Deleting and Modifying Certificates on page 515

Viewing Certificates on page 518

Generating Enrollment Requests on page 521

These procedures are part of a comprehensive procedure to create
certificates on the switch. See Configuring SSL Certificates on page 481
for a list of all the procedures you must complete to create certificates on
the switch.

Public Keys

Public key encryption involves the generation of two keys for each user,
one private and one public. Material encrypted with a private key can
only be decrypted with the corresponding public key, and vice versa. An
individual’s private key must be kept secret, but the public key may be
distributed as widely as desired, because it is impossible to calculate the
private key from the public key. The advantage of public key encryption
is that the private key need never be exchanged, and so can be kept
secure more easily than a shared secret key.
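The End Entity workflow this chapter outlines (key pair on the switch, enrollment request to a CA, certificate back, verification against the CA) can be walked through locally with the openssl command line. This is an added example, not a procedure from the AT-S60 manual; it assumes the openssl CLI is installed, and the subject names and directory layout are hypothetical. It makes the point of the Public Keys section concrete: the private key is generated in the switch's directory and never leaves it; only the public key, carried inside the request, goes to the CA.

```shell
#!/bin/sh
# Added example (not from the AT-S60 manual): the End Entity enrollment flow
# run locally with the openssl CLI (assumed installed). Subject names are
# hypothetical. The switch's private key stays in $WORK/switch; only the
# enrollment request (which carries the public key) crosses to the CA side.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Role 1: the Certification Authority, here a self-signed root for the lab.
make_ca() {
    mkdir -p "$WORK/ca"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Lab Root CA" \
        -keyout "$WORK/ca/ca.key" -out "$WORK/ca/ca.crt" 2>/dev/null
}

# Role 2: the switch as End Entity generates its key pair and an
# enrollment request (CSR) containing the public key and its identity.
make_enrollment_request() {
    mkdir -p "$WORK/switch"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/switch/switch.key" 2>/dev/null
    openssl req -new -key "$WORK/switch/switch.key" \
        -subj "/CN=switch.example.lab" -out "$WORK/switch/switch.csr" 2>/dev/null
}

# Role 1 again: the CA signs the request. It never saw the private key.
ca_sign_request() {
    openssl x509 -req -in "$WORK/switch/switch.csr" \
        -CA "$WORK/ca/ca.crt" -CAkey "$WORK/ca/ca.key" -CAcreateserial \
        -days 90 -out "$WORK/switch/switch.crt" 2>/dev/null
}

# Verification as the switch (or a browser contacting its web server) does it:
# the certificate must chain to the trusted CA, and its embedded public key
# must match the private key the switch holds.
verify_certificate() {
    openssl verify -CAfile "$WORK/ca/ca.crt" "$WORK/switch/switch.crt" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$WORK/switch/switch.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$WORK/switch/switch.key" -pubout 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ]
}

# Whole flow; returns non-zero if any step or the final check fails.
run_enrollment() {
    make_ca && make_enrollment_request && ca_sign_request && verify_certificate
}
```

Running `run_enrollment` in the block's directory layout leaves `switch.key` only under the switch's directory, while `switch.csr` and `switch.crt` contain no private key material.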