beautypg.com

Certificate fields – Cisco VPN 3002 User Manual

Page 177

background image

12-51

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 12 Administration

Administration | Certificate Management | View

Certificate Fields

A certificate contains some or all of the following fields:

Field

Content

Subject

The person or system that uses the certificate. For a CA root certificate, the
Subject and Issuer are the same.

Issuer

The CA or other entity (jurisdiction) that issued the certificate.

Subject and Issuer consist of a specific-to-general identification hierarchy: CN,
OU, O, L, SP, and C. These labels and acronyms conform to X.520
terminology, and they echo the fields on the Administration | Certificate
Management | Enrollment screen.

CN

Common Name: the name of a person, system, or other entity. This is the
lowest (most specific) level in the identification hierarchy.

For the VPN 3002 self-signed SSL certificate, the CN is the IP address on the
Ethernet 1 (Private) interface at the time the certificate is generated. SSL
compares this CN with the address you use to connect to the VPN 3002 via
HTTPS, as part of its validation.

OU

Organizational Unit: the subgroup within the organization (O).

O

Organization: the name of the company, institution, agency, association, or
other entity.

L

Locality: the city or town where the organization is located.

SP

State/Province: the state or province where the organization is located.

C

Country: the two-letter country abbreviation. These codes conform to ISO
3166 country abbreviations.

Serial Number

The serial number of the certificate. Each certificate issued by a CA must be
unique among all certificates issued by that CA. CRL checking uses this serial
number.

Signing Algorithm

The cryptographic algorithm that the CA or other issuer used to sign this
certificate.

Public Key Type

The algorithm and size of the certified public key.

Certificate Usage

The purpose of the key contained in the certificate, for example: digital
signature, certificate signing, nonrepudiation, key or data encipherment, etc.

MD5 Thumbprint

A 128-bit MD5 hash of the complete certificate contents, shown as a 16-byte
string. This value is unique for every certificate, and it positively identifies the
certificate.

If you question a root certificate’s authenticity, you can check this value with
the issuer.