
Elements of a public key infrastructure – Allied Telesis AT-S62 User Manual

Page 520

Chapter 27: Public Key Infrastructure Certificates

Section VII: Management Security


❑ The owner’s identity details, such as name, company and address.
❑ The owner’s public key, and information about the algorithm with which it was produced.
❑ The identity details of the organization which issued the certificate.
❑ The issuer’s digital signature and the algorithm used to produce it.
❑ The period for which the certificate is valid.
❑ Optional information, such as the type of application with which the certificate is intended to be used.

The issuing organization’s digital signature is included in order to
authenticate the certificate. As a result, if a certificate is tampered with
during transmission, the tampering is detected.

Elements of a Public Key Infrastructure

A Public Key Infrastructure is a set of applications which manage the
creation, retrieval, validation and storage of certificates. A PKI consists of
the following key elements:

❑ At least one Certification Authority (CA), which issues and revokes certificates.
❑ At least one publicly accessible repository, which stores certificates and Certificate Revocation Lists.
❑ At least one End Entity (EE), which retrieves certificates from the repository, validates them and uses them.

End Entities (EE)

End Entities own public keys and may use them for encryption and
digital signing. An entity which uses its private key to digitally sign
certificates is not considered to be an End Entity, but is a Certification
Authority.

The switch acts as an End Entity.

Certification Authorities

A Certification Authority is an entity which issues, updates, revokes and
otherwise manages public keys and their certificates. A CA receives
requests for certification, validates the requester’s identity according to
the CA’s requirements, and issues the certificate, signed with one of the
CA’s keys. CAs may also perform the functions of End Entities, in that
they may make use of other CAs’ certificates for message encryption and
verification of digital signatures.
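The certificate contents and the tamper detection described at the start of this page, together with the CA and End Entity roles described above, acted out in Go with the standard library's crypto/x509 (an added example, not code from the manual or from Allied Telesis): a hypothetical CA self-signs its own certificate and issues one for a switch End Entity, a relying party checks the issuer's signature, the validity period and the chain to the CA, and altering one byte of the signed subject name makes that check fail. All names, serial numbers and validity periods are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
func must[T any](v T, err error) T { // aborts the demo on setup errors so the PKI flow reads uncluttered
	if err != nil {
		panic(err)
	}
	return v
}
// issueChain plays the CA: it self-signs a CA certificate, then issues an End Entity certificate for a hypothetical switch (both returned as DER, as a repository stores them).
func issueChain() (caDER, eeDER []byte) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	caKey, eeKey, now := newKey(), newKey(), time.Now()
	ca := &x509.Certificate{ // issuer identity, certificate-signing key usage, validity period
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Lab CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ee := &x509.Certificate{ // owner identity, intended key use, validity period; the owner's public key is passed below
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "switch-ee"}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(30 * 24 * time.Hour),
	}
	caDER = must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))
	return caDER, must(x509.CreateCertificate(rand.Reader, ee, ca, &eeKey.PublicKey, caKey))
}
// verifyEE plays the relying party: Verify checks the issuer's signature over the signed body, the validity period and the chain to the trusted CA.
func verifyEE(eeDER, caDER []byte) error {
	ee, err := x509.ParseCertificate(eeDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(must(x509.ParseCertificate(caDER)))
	_, err = ee.Verify(x509.VerifyOptions{Roots: roots})
	return err
}
// tamperSubject alters the subject name inside the signed body of the DER, keeping the ASN.1 valid so the certificate still parses and only the signature check fails.
func tamperSubject(der []byte) []byte {
	return bytes.Replace(der, []byte("switch-ee"), []byte("switch-eX"), 1)
}
```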