Pki applications, Secure email, Web security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 283: How does pki work, Pki configuration task list

269

PKI applications

The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI

has a wide range of applications. Here are some application examples.

VPN

A virtual private network (VPN) is a private data communication network built on the public
communication infrastructure. A VPN can leverage network layer security protocols (for instance, IPsec)

in conjunction with PKI-based encryption and digital signature technologies for confidentiality.

Secure email

Emails require confidentiality, integrity, authentication, and non-repudiation. PKI can address these

needs. The secure email protocol that is developing rapidly is Secure/Multipurpose Internet Mail
Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.

Web security

For Web security, two peers can establish an SSL connection first for transparent and secure

communications at the application layer. With PKI, SSL enables encrypted communications between a

browser and a server. Both of the communication parties can verify each other's identity through digital
certificates.

How does PKI work

In a PKI-enabled network, an entity can request a local certificate from the CA and the access controller

(AC) can check the validity of certificates. Here is how it works:

An entity submits a certificate request to the RA.

The RA reviews the identity of the entity and then sends the identity information and the public key
with a digital signature to the CA.

The CA verifies the digital signature, approves the application, and issues a certificate.

The RA receives the certificate from the CA, sends it to the LDAP server to provide directory
navigation service, and notifies the entity that the certificate is successfully issued.

The entity retrieves the certificate. With the certificate, the entity can communicate with other
entities safely through encryption and digital signature.

The entity makes a request to the CA when it needs to revoke its certificate. The CA approves the
request, updates the CRLs and publishes the CRLs on the LDAP server.

PKI configuration task list

Complete the following tasks to configure PKI:

Task Remarks

Configuring an entity DN

Required.

Configuring a PKI domain

Required.

Submitting a PKI certificate request

Submitting a certificate request
in auto mode

Required.
Use either approach.

Submitting a certificate request
in manual mode

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000