Avaya 3.7 User's Manual

Avaya VPNmanager Configuration Guide Release 3.7
Certificate Authority
A trusted company or organization that serves as a repository of digital 
certificates. Once a CA accepts your public key (with some other proof of 
identity), others can then request verification of your public key. 
Certificates
Issuer
Issuer Certificates also reside in the security gateway and are used to 
authenticate the other side. For example, if the Directory Server presents a 
certificate for an SSL session, the security gateway must have an Issuer 
Certificate that can verify the VPNmanager’s certificate is valid. Devices 
wishing to use IKE must be validated with an Issuer Certificate. All Issuer 
certificates are public.
My Certificates
My Certificates is a list of nine (0 through 8) certificates that exist inside the 
security gateway and are used to identify the security gateway to an opposite 
endpoint. They require generation of a public/private key pair, where the private key 
never leaves the security gateway.
Signing
Similar to the security gateway's Issuer Certificates, which are necessary to verify the 
VPNmanager Certificate, the Signing Certificates are for the VPNmanager 
Console to verify the security gateway Certificate.
Certificate Revocation List (CRL), checking
Certificate Revocation List checking looks to a directory server (maintained by 
CAs) to validate a new certificate by searching a list of no longer valid digital 
certificates. 
D
DCI
Direct Configuration Interface is an Avaya Inc. proprietary protocol developed to 
facilitate passing setup and configuration data between the VPNmanager 
console and the security gateway. DCI traffic can pass in the clear if the LAN on 
which they both reside is behind a firewall, or over SSL if not.
DES
Data Encryption Standard (DES) is a block-cipher algorithm created by IBM 
used to rapidly encrypt large amounts of data at one time. The technique uses a 
56-bit key and operates on blocks of 64 bits. See 
Diffie-Hellman
A popular mechanism used to define the mathematical parameters used during 
IKE negotiations. Group 1 specifies use of a 768 bit modulus, Group 2 a 1024 
bit modulus (Group 2 is “more secure”).
Digital Certificate
An electronic document used to establish a company’s identity by verifying its 
public key. Digital Certificates are issued by a certificate authority.
Domain Name Service (DNS)
The network service that converts text-based names into numeric IP addresses 
and vice-versa.
Domains, VPN
A VPN Domain is a collection of Virtual Private Network devices that compose 
a Virtual Private Network.