Pki Operation; Pki Applications; Pki Configuration Task List - HP 12500 Series Configuration Manual
Routing
Hide thumbs
Also See for 12500 Series:
- Configuration manual (402 pages) ,
- Network management and monitoring command reference (320 pages) ,
- Command reference manual (157 pages)
Table of Contents
Advertisement
PKI operation
In a PKI-enabled network, an entity can request a local certificate from the CA and the device can check
the validity of certificates. Here is how it operates:
An entity submits a certificate request to the RA.
1.
The RA reviews the identity of the entity and then sends the identity information and the public key
2.
with a digital signature to the CA.
The CA verifies the digital signature, approves the application, and issues a certificate.
3.
The RA receives the certificate from the CA, sends it to the LDAP server or other distribution point
4.
to provide directory navigation service, and notifies the entity that the certificate is successfully
issued.
The entity retrieves the certificate. With the certificate, the entity can communicate with other
5.
entities safely through encryption and digital signature.
The entity makes a request to the CA when it needs to revoke its certificate. The CA approves the
6.
request, updates the CRLs and publishes the CRLs on the LDAP server or other distribution point.
PKI applications
The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI
has a wide range of applications. Here are some application examples.
•
Virtual private network—A VPN is a private data communication network built on the public
communication infrastructure. A VPN can leverage network layer security protocols (for instance,
IPsec) in conjunction with PKI-based encryption and digital signature technologies for
confidentiality.
Secure email—Emails require confidentiality, integrity, authentication, and non-repudiation. PKI
•
can address these needs. The secure email protocol that is developing rapidly is
Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for
transfer of encrypted mails with signature.
•
Web security—For Web security, two peers can establish an SSL connection first for transparent
and secure communications at the application layer. With PKI, SSL enables encrypted
communications between a browser and a server. Both of the communication parties can verify
each other's identity through digital certificates.
PKI configuration task list
Task
Configuring an entity DN
Configuring a PKI domain
Submitting a PKI certificate request
•
Submitting a certificate request in auto mode
•
Submitting a certificate request in manual mode
Retrieving a certificate manually
Configuring PKI certificate verification
293
Remarks
Required.
Required.
Required.
Use either approach.
Optional.
Optional.
Advertisement
Table of Contents
Troubleshooting
