Configuring Certificates; Public Key Cryptography; About Public Key Cryptography - Cisco PIX 500 Series Configuration Manual

Configuring Certificates

This chapter describes how to configure certificates. CAs are responsible for managing certificate
requests and issuing digital certificates. A digital certificate contains information that identifies a user
or device. Some of this information can include a name, serial number, company, department, or IP
address. A digital certificate also contains a copy of the public key for the user or device. A CA can be
a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your
organization.
This chapter includes the following sections:
•
•
•

Public Key Cryptography

This section includes the following topics:
•
•
•
•
•
•

About Public Key Cryptography

Digital signatures, enabled by public key cryptography, provide a means to authenticate devices and
users. In public key cryptography, such as the RSA encryption system, each user has a key pair
containing both a public and a private key. The keys act as complements, and anything encrypted with
one of the keys can be decrypted with the other.
In simple terms, a signature is formed when data is encrypted with a private key. The signature is
attached to the data and sent to the receiver. The receiver applies the public key of the sender to the data.
If the signature sent with the data matches the result of applying the public key to the data, the validity
of the message is established.
OL-12172-03
Public Key Cryptography, page 39-1
Certificate Configuration, page 39-5
The Local CA, page 39-16
About Public Key Cryptography, page 39-1
Certificate Scalability, page 39-2
About Key Pairs, page 39-2
About Trustpoints, page 39-3
About CRLs, page 39-3
Supported CA Servers, page 39-5
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
39
39-1