Cisco Web Security Appliance S170 User Guide
Chapter 10 Decryption Policies
Digital Certificates
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
X.509 certificates contain the following information:
• Subject’s identity, such as the name of a person, server, or organization
• Certificate validity period
• Certificate authority who is vouching for the certificate
• Digital signature of the certificate created by the certificate authority using its private key
• Public key of the subject
Although anyone can create a digital certificate, not everyone can get a
well-respected certificate authority to vouch for the certificate’s information and
sign the certificate with its private key. For more information about validating the
certificate authority in a digital certificate, see
Validating Certificate Authorities
The X.509 standard allows certificate authorities to issue digital certificates that
are signed by other certificate authorities. Due to this system, there is a hierarchy
of certificate authorities in a tree structure.
The top-most certificate authorities in the tree structure are called root
certificates. Root certificates are not signed by a separate certificate authority
because they are at the top of the tree structure. Therefore, by definition, all root
certificates are self-signed certificates. The certificate authority listed in the root
certificate is the certificate creator.
All certificates below the root certificate inherit the trustworthiness of the root
certificate. For example, if CertificateAuthorityABC is a trusted certificate
authority and it signs the certificate for certificate authority
CertificateAuthorityXYZ, then CertificateAuthorityXYZ is automatically a
trusted certificate authority.
shows the certification path for a certificate viewed in a web browser.
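The hierarchy described above can be reproduced with the openssl command-line tool. This is an added example, not part of the Cisco guide: it builds a constructed chain in which CertificateAuthorityABC signs CertificateAuthorityXYZ, which in turn signs a server certificate, and then checks each certificate against ABC as the trust anchor. File names and the host name www.example.test are assumptions.

```shell
#!/bin/sh
# Added example. Everything here is constructed: file names, the host name
# www.example.test, key sizes and lifetimes are assumptions.

make_chain() {  # $1 = directory that receives the keys and certificates
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  # Root: self-signed, so subject and issuer are both CertificateAuthorityABC.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=CertificateAuthorityABC" \
    -keyout "$d/abc.key" -out "$d/abc.pem" 2>/dev/null || return 1
  # Subordinate CA: XYZ makes the key and request, ABC signs the certificate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=CertificateAuthorityXYZ" \
    -keyout "$d/xyz.key" -out "$d/xyz.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/xyz.csr" -CA "$d/abc.pem" -CAkey "$d/abc.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/xyz.pem" 2>/dev/null || return 1
  # Server certificate: signed by XYZ only.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/xyz.pem" -CAkey "$d/xyz.key" \
    -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/srv.pem" 2>/dev/null || return 1
  # "Anyone can create a digital certificate": same name, no CA vouching for it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=www.example.test" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null || return 1
}

# chain_ok ROOT CERT [INTERMEDIATE]: status 0 only if CERT chains up to ROOT.
# INTERMEDIATE is offered as an untrusted helper; only ROOT is a trust anchor.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_chain "$work" || { echo "openssl failed to build the chain" >&2; exit 1; }
for c in abc xyz srv; do
  openssl x509 -noout -subject -issuer -in "$work/$c.pem"
done
chain_ok "$work/abc.pem" "$work/xyz.pem" && echo "XYZ: trusted, signed by ABC"
chain_ok "$work/abc.pem" "$work/srv.pem" "$work/xyz.pem" && echo "server via XYZ: trusted"
chain_ok "$work/abc.pem" "$work/srv.pem" || echo "server without XYZ's certificate: no path"
chain_ok "$work/abc.pem" "$work/self.pem" || echo "self-signed server: not trusted"
```

The server certificate is accepted only when XYZ's certificate is available to link it to ABC, and the self-signed certificate is rejected even though it carries the same subject name.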