Manualsbrain.com
  1. Manuals
  2. Brands
  3. Wuxi MitraStar Technology Co. Ltd
  4. DSL100HNUT1V3
  5. User Manual

Wuxi MitraStar Technology Co. Ltd DSL100HNUT1V3 User Manual

Download
Page of 235
Chapter 16    Certificates
174
Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s public key 
to decrypt the message.
The Device uses certificates based on public-key cryptology to authenticate users attempting to 
establish a connection. The method used to secure the data that you send through an established 
connection depends on the type of connection. For example, a VPN tunnel might use the triple DES 
encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the 
certification authority’s public key to verify the certificates.
Certification Path
A certification path is the hierarchy of certification authority certificates that validate a certificate. 
The Device does not trust a certificate if any certificate on its path has expired or been revoked. 
Certificate Directory Servers
Certification authorities maintain directory servers with databases of valid and revoked certificates. 
A directory of certificates that have been revoked before the scheduled expiration is called a CRL 
(Certificate Revocation List). The Device can check a peer’s certificate against a directory server’s list 
of revoked certificates. The framework of servers, software, procedures and policies that handles 
keys is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
• The Device only has to store the certificates of the certification authorities that you decide to 
trust, no matter how many devices you need to authenticate. 
• Key distribution is simple and very secure since you can freely distribute public keys and you 
never need to transmit private keys.
Certificate File Format
The certification authority certificate that you want to import has to be in PEM (Base-64) encoded 
X.509 file format. This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary 
X.509 certificate into a printable form.
16.1.3  Verifying a Certificate
Before you import a trusted CA or trusted remote host certificate into the Device, you should verify 
that you have the actual certificate. This is especially true of trusted CA certificates since the Device 
also trusts any valid certificate signed by any of the imported trusted CA certificates.
You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest 
calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a 
certificate’s fingerprint to verify that you have the actual certificate.