Installing an issuer certificate, Figure 78 – Avaya 3.7 User Manual

Policy Manager - My Certificates

Issue 4 May 2005

239

Figure 78: Issuer Certificates

Explanation for

Figure 78

:

1. A Certificate Request from VSU

A

is sent to a PKI System to be signed.

2. The PKI uses the Certificate Request to create a Signed Certificate specifically for VSU

A

.

The Signed Certificate is then stored on VSU

A

.

3. Every target of VSU

A

must have VSU

A

’s Signed Certificate.

Note:

Note:

The target uses an Issuer Certificate to authenticate VSU

A

’s Signed Certificate.

The Issuer Certificate must be from the same PKI which created the VSU

A

’s

Signed Certificate.

Installing an issuer certificate

Use the Policy Manager for installing Issuer Certificates in a specific VSU. The VSU then uses
the Issuer Certificate to authenticate certificates received from other VSUs.

The process is explained in

Figure 78

.

To install an Issuer Certificate into a VSU (target):

1. Get an Issuer Certificate from a PKI System. Use the same PKI System that created the

Signed Certificate.

2. The PKI System must use the Distinguishing Encoding Rules (DER) format for creating the

Issuer Certificate.

Figure 79

shows what a certificate looks like (its body has been

shortened for the example).

VSU

A

WAN

VSU

B

PKI

Target of VSUA

1

2

3

4

Targets use Issuer Certificates to

authenticate Signed Certificates they

receive. The Issuer Certificate must be from

the same PKI System that created the Signed

Certificate. Issuer Certificates are stored

on targets.