3com WX2200 3CRWX220095A User Manual

CHAPTER 20: MANAGING KEYS AND CERTIFICATES

Public Key Infrastructures

A public-key infrastructure (PKI) is a system of digital certificates and 
certification authorities that verify and authenticate the validity of each 
party involved in a transaction through the use of public key 
cryptography. To have a PKI, the WX switch requires the following:
- A public key
- A private key
- Digital certificates
- A CA
- A secure place to store the private key

A PKI enables you to securely exchange and validate digital certificates 
between WX switches, servers, and users so that each device can 
authenticate itself to the others.

Public and Private Keys

3Com’s identity-based networking uses public key cryptography to 
enforce the privacy of data transmitted over the network. Using 
public-private key pairs, users and devices can send encrypted messages 
that only the intended receiver can decrypt. 
Before exchanging messages, each party in a transaction creates a key 
pair that includes the public and private keys. The public key encrypts 
data and verifies digital signatures, and the corresponding private key 
decrypts data and generates digital signatures. Public keys are freely 
exchanged as part of digital certificates. Private keys are stored securely. 
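
The key roles described above, as an added example that is not part of the 3Com manual: it uses the OpenSSL command line on a workstation to encrypt with the public key, decrypt with the private key, sign with the private key, and verify with the public key, including the case where a message changed after signing fails verification. The file names and sample messages are constructed for the demonstration, and none of the commands are WX switch syntax.

```bash
#!/usr/bin/env bash
# Added example: key-pair roles shown with the OpenSSL CLI on a workstation.
# File names and messages are constructed; none of this is WX switch syntax.

# Create an RSA key pair in directory $1; the private key is owner-readable only.
make_keypair() {
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/private.pem" 2>/dev/null ) &&
  openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Encrypt text $2 with the public key, then decrypt it with the private key.
encrypt_roundtrip() {
  printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1/public.pem" \
    -pkeyopt rsa_padding_mode:oaep -out "$1/msg.enc" &&
  openssl pkeyutl -decrypt -inkey "$1/private.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/msg.enc"
}

# Sign file $2 with the private key; the signature is written to $2.sig.
sign_file() {
  openssl dgst -sha256 -sign "$1/private.pem" -out "$2.sig" "$2"
}

# Verify file $2 against signature $3 using only the public key.
verify_file() {
  openssl dgst -sha256 -verify "$1/public.pem" -signature "$3" "$2" >/dev/null 2>&1
}

# Returns 0 only if every role behaves as described, including the failure case.
demo() {
  local dir msg='constructed sample message'
  dir=$(mktemp -d) || return 1
  make_keypair "$dir" || return 1
  [ "$(encrypt_roundtrip "$dir" "$msg")" = "$msg" ] || return 1
  printf '%s\n' "$msg" > "$dir/msg.txt"
  sign_file "$dir" "$dir/msg.txt" || return 1
  verify_file "$dir" "$dir/msg.txt" "$dir/msg.txt.sig" || return 1
  printf 'tampered\n' >> "$dir/msg.txt"          # modify after signing
  ! verify_file "$dir" "$dir/msg.txt" "$dir/msg.txt.sig" || return 1
  rm -rf "$dir"
}

demo && echo "key-pair roles verified"
```
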

Digital Certificates

Digital certificates bind the identity of network users and devices to a 
public key. Network users must authenticate their identity to those with 
whom they communicate, and must be able to verify the identity of other 
users and network devices, such as switches and RADIUS servers. 
The 3Com Mobility System supports the following types of X.509 digital 
certificates:
- Administrative certificate—Used by the WX switch to authenticate 
  itself to 3Com Wireless Switch Manager or Web Manager.
- WX-WX security certificate—Used by WX switches in a Mobility 
  Domain to securely exchange management information. (For more 
  information about this option, see “Configuring WX-WX Security” on 
  page 158.)