Certificates, Overview – Amer Networks E5Web GUI User Manual
3.8. Certificates
3.8.1. Overview
The X.509 Standard
cOS Core supports digital certificates that comply with the ITU-T X.509 standard. This involves
the use of an X.509 certificate hierarchy with public-key cryptography to accomplish key
distribution and entity authentication. References in this document to certificates mean X.509
certificates.
When distributed to another party, a certificate performs two functions:
• It distributes the certificate owner's public key.
• It establishes the certificate owner's identity.
A certificate acts as a digital proof of identity. It links an identity to a public key so that a
recipient can establish whether the public key truly belongs to its supposed owner. This prevents
interception of data by a malicious third party who might publish a fake key under the name
and user ID of an intended recipient.
Certificate Components
A certificate consists of the following:
• A public key.
• The "identity" of the user, such as name and user ID.
• Digital signatures which attest that the information enclosed in the certificate has been
  verified by a Certificate Authority (CA).
By binding the above information together, a certificate becomes a public key with identification
attached, coupled with a stamp of approval by a trusted party.
Certificates in cOS Core
A certificate is stored in a cOS Core configuration as a Certificate object. One certificate
object is always predefined in cOS Core: the self-signed certificate HTTPSAdminCert. It is sent
to the browser when an SSL Web Interface session is opened and is also used with SSL VPN.
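The difference between a certificate signed by a CA and a self-signed one such as HTTPSAdminCert can be checked with OpenSSL on a workstation. The following is an added example, not part of the original manual and not cOS Core commands; the file names and the subject names (demo-self-signed, Demo CA, demo-leaf) are constructed for the demonstration.

```sh
#!/bin/sh
# Added example; every name and file below is constructed for the demo.

# Create constructed certificates in directory $1:
#   self.pem  self-signed (its own key signs it, as with a default admin cert)
#   ca.pem    a demo CA;  leaf.pem  a certificate issued and signed by that CA
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-self-signed" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-leaf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# True if the signature on certificate $1 verifies against trust anchor $2.
signed_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Classify certificate $1 by comparing its subject (identity) with its issuer
# (signer), then checking the signature with the certificate's own public key.
cert_kind() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" != "$issuer" ]; then
        echo "ca-issued"
    elif signed_by "$1" "$1"; then
        echo "self-signed"
    else
        echo "invalid-self-issued"
    fi
}

tmp=$(mktemp -d)
make_demo_certs "$tmp"
for name in self leaf; do
    # Show the identity, the issuer that signed it, and the SHA-256 fingerprint.
    openssl x509 -in "$tmp/$name.pem" -noout -subject -issuer -fingerprint -sha256
    echo "$name.pem: $(cert_kind "$tmp/$name.pem")"
done
```

A self-signed certificate shows only that its holder has the matching private key, so a client has to trust it explicitly rather than through a CA.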
A list of installed certificates can be displayed using the Web Interface, InControl or the CLI.
With the CLI, the command is:
Device:/> show Certificate

Name            Type   Comments
--------------  -----  --------
HTTPSAdminCert  Local
To view the properties of a certificate using the CLI:
Device:/> show Certificate HTTPSAdminCert
Chapter 3: Fundamentals