Basic overview, Types of certificates – Allied Telesis AT-S62 User Manual
Page 511
AT-S62 User’s Guide
Section VII: Management Security
Basic Overview
This chapter explains how to implement encryption for your web
browser management sessions. Encryption can protect your managed
switches from unauthorized access by making it impossible for an
intruder monitoring network traffic to decipher the contents of the
management packets exchanged between your workstation and a
switch during a web browser management session.
Web browser encryption involves an encryption key pair and a digital
document called a certificate. The key, as explained in Chapter 26,
Encryption Keys on page 492, consists of two parts, a private key and a
public key. The private key always remains on the switch. The public key
is incorporated into a certificate. Your web browser downloads the
certificate from the switch when you begin a management session.
Web browser encryption is provided by the Secure Sockets Layer (SSL)
protocol. SSL was originally designed to offer security in Internet
commerce and other web transactions, so as to provide Internet users a
means of protecting their information from prying eyes as it crosses the
Internet.
Of course, managing a switch with a web browser cannot be
characterized as Internet commerce. But the sensitive nature of the
information contained within the management packets makes
protecting the packets a critical component of network security.
Types of Certificates
The AT-S62 management software supports two types of certificates.
The first is called a self-signed certificate. This is the quickest and easiest
to create because the switch creates it itself. For small to medium-sized
networks, this might be the way to go. The procedure for creating this
kind of certificate is found in Creating a Self-signed Certificate on page
524. To review all the steps to configuring the web server on the switch
for this type of certificate, refer to General Steps for a Self-signed
Certificate on page 488.
The second type of certificate is a CA certificate. Here, you create the
encryption key pair on the switch but someone else issues the
certificate, which you then load onto the switch. That person, group, or
organization that issues the certificate is called a certification authority
(CA).
There are two kinds of CAs: public and private. A public CA issues
certificates for other companies and organizations. A well-known
example is Verisign. A public CA will require proof of the identity of the
company or organization that wants a certificate before it will issue it.
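To make the two certificate types concrete, here is an added example that is not part of the AT-S62 manual or Allied Telesis software. It uses the openssl command line (assumed to be installed) to produce a self-signed certificate the way a switch would, and then a certificate for the same switch issued by a small private CA of our own, as described in the CA certificate and private CA passages above. The host name switch.example.internal and the CA name "Example Private CA" are made-up placeholders. It then shows the property that separates the two types (issuer equal to subject) and what a browser's trust check looks like against each.

```shell
#!/bin/sh
# Added example (not from the AT-S62 manual): contrast a self-signed certificate
# with one issued by a private CA, using the openssl CLI. Assumes openssl is in PATH.
# Names (switch.example.internal, Example Private CA) are made-up placeholders.
set -e
WORK="$(mktemp -d)"
SUBJ="/CN=switch.example.internal"

# Type 1: self-signed. The key pair and the certificate are produced by the same
# party (the switch); issuer and subject are identical. The private key never
# leaves the switch; only the certificate with the public key is handed out.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "$SUBJ" \
        -keyout "$WORK/switch-self.key" -out "$WORK/switch-self.crt" >/dev/null 2>&1
}

# Type 2: CA-issued. The switch still generates its own key pair, but it sends a
# signing request (public key plus name) to a separate certification authority,
# here a private CA we operate ourselves, which issues the certificate.
make_ca_issued() {
    # The CA's own key pair and root certificate (a root is itself self-signed)
    openssl req -x509 -newkey rsa:2048 -nodes -days 730 -subj "/CN=Example Private CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
    # Switch key pair stays put; only the CSR leaves the switch
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$WORK/switch-ca.key" -out "$WORK/switch-ca.csr" >/dev/null 2>&1
    # The CA signs the request with its private key, producing the switch certificate
    openssl x509 -req -days 365 -in "$WORK/switch-ca.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/switch-ca.crt" >/dev/null 2>&1
}

# Prints "yes" when issuer equals subject, i.e. the certificate is self-signed.
is_self_signed() {
    issuer="$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')"
    subject="$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')"
    if [ "$issuer" = "$subject" ]; then echo yes; else echo no; fi
}

# Returns 0 when certificate $1 chains to trust anchor $2, 1 otherwise. This is the
# check a browser performs: a self-signed switch certificate only passes if the
# browser has been told to trust that exact certificate, whereas a CA-issued one
# passes for every browser that trusts the CA.
verifies_against() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then return 0; else return 1; fi
}

make_self_signed
make_ca_issued
echo "self-signed cert, issuer == subject: $(is_self_signed "$WORK/switch-self.crt")"
echo "CA-issued cert,   issuer == subject: $(is_self_signed "$WORK/switch-ca.crt")"
echo "generated files are left in $WORK for inspection"
```

Run it as a plain POSIX shell script. The CA-issued switch certificate verifies against ca.crt but not against the self-signed switch certificate, which is exactly the trade-off the manual describes: a self-signed certificate is quick to make but each browser must be told to trust it individually, while a CA-issued certificate is trusted wherever the CA is.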