Netgear 05200007 User Manual

Using the Certificate Manager

6-3

There are two types of CA certificates:

•

A root CA certificate is signed by and issued to itself—that is, the issuer and subject are the 
same. 

•

A subordinate or intermediate CA certificate is issued by a CA other than itself. A subordinate 
certificate can be issued by a root CA or another subordinate CA.

Also required for the client user is a personal certificate, which contains information about the user 
(client) that uniquely identifies it. This is requested by the client, and issued by a subordinate CA. 

CAs that support SCEP may also employ a registration authority (RA), which is a network 
authority that collects and verifies certificate request information for the CA, and then signs 
responses on behalf of the CA. The CA, however, actually issues the certificates. These CAs may 
include RA certificates with CA certificates.

To communicate securely with certificates, you need three certificates issued by a CA: 

1.

Root CA certificate

2.

Subordinate CA certificate

Note: CAs that support Simple Certificate Enrollment Protocol (SCEP) may employ a 
registration authority (RA). The CA may include one or more RA certificates with the CA 
certificate. 

3.

Personal certificate (and keys)

To obtain certificates, you must enroll with a CA. There are two ways to enroll through the client:

•

Online enrollment, which uses SCEP. SafeNet recommends this method. 

a.

Obtain the CA's certificate server DNS name or IP address to make this request. Follow 
the instructions for the particular CA.

You can also obtain personal and CA certificates for IPSec through Microsoft Internet 
Explorer or an email program.

Note: To access the Microsoft CSP, Internet Explorer 5.01 or later must be installed on 
your computer.

b.

Retrieve a CA certificate online.

c.

Request a personal certificate online.