Allied Telesis AT-S63 User Manual
AT-S63 Management Software Features Guide
Section IX: Management Security
409
Elements of a
Public Key
Infrastructure
A public key infrastructure is a set of applications which manage the
creation, retrieval, validation and storage of certificates. A PKI consists of
the following key elements:
creation, retrieval, validation and storage of certificates. A PKI consists of
the following key elements:
At least one certification authority (CA), which issues and revokes
certificates.
certificates.
At least one publicly accessible repository, which stores certificates
and Certificate Revocation Lists.
and Certificate Revocation Lists.
At least one end entity (EE), which retrieves certificates from the
repository, validates them and uses them.
repository, validates them and uses them.
End Entities (EE)
End entities own public keys and may use them for encryption and digital
signing. An entity which uses its private key to digitally sign certificates is
not considered to be an end entity, but is a certification authority.
signing. An entity which uses its private key to digitally sign certificates is
not considered to be an end entity, but is a certification authority.
The switch acts as an end entity.
Certification Authorities
A certification authority is an entity which issues, updates, revokes and
otherwise manages public keys and their certificates. A CA receives
requests for certification, validates the requester’s identity according to the
CA’s requirements, and issues the certificate, signed with one of the CA’s
keys. CAs may also perform the functions of end entities, in that they may
make use of other CAs’ certificates for message encryption and
verification of digital signatures.
otherwise manages public keys and their certificates. A CA receives
requests for certification, validates the requester’s identity according to the
CA’s requirements, and issues the certificate, signed with one of the CA’s
keys. CAs may also perform the functions of end entities, in that they may
make use of other CAs’ certificates for message encryption and
verification of digital signatures.
An organization may own a certification authority and issue certificates for
use within its own networks. In addition, an organization’s certificates may
be accepted by another network, after an exchange of certificates has
validated a certificate for use by both parties. As an alternative, an outside
CA may be used. The switch can interact with the CA, whether a CA is part
of the organization or not, by sending the CA requests for certification.
use within its own networks. In addition, an organization’s certificates may
be accepted by another network, after an exchange of certificates has
validated a certificate for use by both parties. As an alternative, an outside
CA may be used. The switch can interact with the CA, whether a CA is part
of the organization or not, by sending the CA requests for certification.
The usefulness of certificates depends on how much you trust the source
of the certificate. You must be able to trust the issuing CA to verify
identities reliably. The level of verification required in a given situation
depends on the organization’s security needs.
of the certificate. You must be able to trust the issuing CA to verify
identities reliably. The level of verification required in a given situation
depends on the organization’s security needs.