
Pki operation, Pki applications, Fips compliance – H3C Technologies H3C S6300 Series Switches User Manual

Page 200: Pki configuration task list


LDAP is a protocol for accessing and managing PKI information. An LDAP server stores the digital certificates and CRLs from the CA/RA server and provides directory navigation service. From an LDAP server, an entity can obtain the certificates of its own and other entities, as well as the CRLs.

PKI operation

The following describes how a PKI entity requests a local certificate from a CA, and how an RA is involved in entity enrollment:

1. A PKI entity submits a certificate request to the RA.

2. The RA verifies the identity of the entity and sends a digital signature containing the identity information and the public key to the CA.

3. The CA verifies the digital signature, approves the request, and issues a certificate.

4. After receiving the certificate from the CA, the RA sends the certificate to the LDAP server or other certificate repositories to provide directory navigation services. It notifies the PKI entity that the certificate is successfully issued.

5. The entity obtains the certificate from the certificate repository.
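The five enrollment steps above, modelled with the OpenSSL command line as an added example (this is not code from the H3C manual, and the switch itself uses its own CLI for these tasks). The CA, RA and repository are stand-ins made of files and directories in a temporary workdir, and every name (the root CA subject, switch1.example.net, the file names) is constructed for illustration; the example also adds the RA rejecting a request whose subject does not match the vetted identity.

```shell
#!/bin/sh
# Added example, not from the H3C manual: model the five enrollment steps
# with OpenSSL. CA, RA and repository are plain files and directories in a
# temporary workdir; every name below is constructed for illustration.

# RA check (step 2): the request must carry a valid self-signature, proving
# the requester holds the matching private key, and its subject must be the
# identity the RA has already vetted. Any other subject is rejected.
ra_verify_request() {
    csr=$1; expected_cn=$2
    # grep the status text because older OpenSSL exits 0 on verify failure
    openssl req -in "$csr" -verify -noout 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$csr" -noout -subject | grep -q "CN *= *$expected_cn\$"
}

# Full flow; prints the workdir so the artifacts can be inspected afterwards.
pki_enroll() (
    work=$(mktemp -d); cd "$work"
    # Constructed self-signed root standing in for the CA's issuing key.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Example Root CA" -days 365 >/dev/null 2>&1
    # Step 1: the entity generates a key pair and submits a request to the RA.
    openssl req -new -newkey rsa:2048 -nodes -keyout entity.key \
        -out request.csr -subj "/CN=switch1.example.net" >/dev/null 2>&1
    # Step 2: the RA vets the request before involving the CA.
    ra_verify_request request.csr switch1.example.net || exit 1
    # Step 3: the CA signs the approved request and issues the certificate.
    openssl x509 -req -in request.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out entity.crt -days 30 >/dev/null 2>&1
    # Step 4: the RA publishes the certificate to the repository (an LDAP
    # server in the manual, a directory here) and notifies the entity.
    mkdir -p repository && cp entity.crt repository/switch1.example.net.crt
    # Step 5: the entity fetches its certificate and checks that it chains
    # to the CA it trusts and binds the public half of its own key pair.
    openssl verify -CAfile ca.crt repository/switch1.example.net.crt >/dev/null 2>&1 || exit 1
    [ "$(openssl pkey -in entity.key -pubout 2>/dev/null)" = \
      "$(openssl x509 -in repository/switch1.example.net.crt -pubkey -noout 2>/dev/null)" ] || exit 1
    echo "$work"
)
```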

PKI applications

The PKI technology can meet security requirements of online transactions. As an infrastructure, PKI has a wide range of applications. Here are some application examples.

VPN—A VPN is a private data communication network built on the public communication infrastructure. A VPN can leverage network layer security protocols (for example, IPsec) in conjunction with PKI-based encryption and digital signature technologies for confidentiality.

Secure emails—PKI can address the email requirements for confidentiality, integrity, authentication, and non-repudiation. A common secure email protocol is Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.

Web security—The SSL protocol can be used to establish a secure connection between a client and a Web server. During the SSL handshake, both parties can use PKI to verify the peer's identity by digital certificates.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.

PKI configuration task list

Tasks at a glance

(Required.) Configuring a PKI entity

(Required.) Configuring a PKI domain

(Required.) Requesting a certificate