Cisco Cisco Meeting Server 2000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
6
1.2 Brief overview of PKI
Public key infrastructure (PKI) provides a mechanism to secure communications and validate
identities of communicating parties. Communications are made secure through encryption, and
identities are validated through the use of public/private key pairs and digital identity certificates.
identities of communicating parties. Communications are made secure through encryption, and
identities are validated through the use of public/private key pairs and digital identity certificates.
1.2.1 Public/private key pair
A public and private key pair comprises two uniquely related cryptographic keys mathematically
related. Whatever is encrypted with a public key may only be decrypted by its corresponding
private key (which must be kept secret), and vice versa.
related. Whatever is encrypted with a public key may only be decrypted by its corresponding
private key (which must be kept secret), and vice versa.
1.2.2 Certificates
A certificate is a wrapper around the public key, and provides information about the owner of
the public key. It typically contains the name of the entity to which the certificate is issued,
contact details for the owner, validity dates (when the certificate is valid), and issuer (the
authority that issued the certificate). Certificates need to be signed by trustworthy authorities
that can validate that the owner is who they claim to be. Certificate Authorities (CAs) are
trustworthy authorities that certify the identities of individuals, organizations, and computers on
the network.
the public key. It typically contains the name of the entity to which the certificate is issued,
contact details for the owner, validity dates (when the certificate is valid), and issuer (the
authority that issued the certificate). Certificates need to be signed by trustworthy authorities
that can validate that the owner is who they claim to be. Certificate Authorities (CAs) are
trustworthy authorities that certify the identities of individuals, organizations, and computers on
the network.
When an entity requires a certificate, it first generates a public/private key pair. It then creates a
Certificate Signing Request (.csr) file which contains the entity’s public key and information
identifying the entity (see Table 1). The entity signs the .csr file using their private key and sends
the .csr file to a CA for processing. Depending on the level of verification required, the entity may
send the .csr file to either a public CA, such as Verisign, or use an internal CA, for example Active
Directory server with the Active Directory Certificate Services Role installed.
Certificate Signing Request (.csr) file which contains the entity’s public key and information
identifying the entity (see Table 1). The entity signs the .csr file using their private key and sends
the .csr file to a CA for processing. Depending on the level of verification required, the entity may
send the .csr file to either a public CA, such as Verisign, or use an internal CA, for example Active
Directory server with the Active Directory Certificate Services Role installed.
The CA uses the .csr file and public key to verify the identity of the entity. If verification is
successful, the CA issues a digital identity certificate to the entity, which is proof that the entity
named in the certificate is the owner of the public key and private key set. The digital identity
certificate is used by the entity to give other entities on the network a high level of assurance that
the public key really belongs to the owner of the private key.
successful, the CA issues a digital identity certificate to the entity, which is proof that the entity
named in the certificate is the owner of the public key and private key set. The digital identity
certificate is used by the entity to give other entities on the network a high level of assurance that
the public key really belongs to the owner of the private key.
Table 1: Information in a .csr file
Information
Description
Common Name (CN)
This is the fully qualified domain name that you wish to secure
e.g. 'www.example.com’.
e.g. 'www.example.com’.
Organization or Business name (O)
Usually the legal incorporated name of a company. It should
include any suffixes such as Ltd., Inc., or Corp.
include any suffixes such as Ltd., Inc., or Corp.
Organizational unit or Department name
(OU)
(OU)
For example, Support, IT, Engineering, Finance.
1 Introduction