Elements of a public key infrastructure, End entities (ee), Certification authorities – Allied Telesis AT-S63 User Manual

Page 581: End entities (ee) certification authorities


AT-S63 Management Software Menus Interface User’s Guide

Section IV: Security


Elements of a Public Key Infrastructure

A public key infrastructure is a set of applications which manage the
creation, retrieval, validation and storage of certificates. A PKI consists of
the following key elements:

❑ At least one certification authority (CA), which issues and revokes certificates.

❑ At least one publicly accessible repository, which stores certificates and Certificate Revocation Lists.

❑ At least one end entity (EE), which retrieves certificates from the repository, validates them and uses them.

End Entities (EE)

End entities own public keys and may use them for encryption and
digital signing. An entity which uses its private key to digitally sign
certificates is not considered to be an end entity, but is a certification
authority.

The switch acts as an end entity.

Certification Authorities

A certification authority is an entity which issues, updates, revokes and
otherwise manages public keys and their certificates. A CA receives
requests for certification, validates the requester’s identity according to
the CA’s requirements, and issues the certificate, signed with one of the
CA’s keys. CAs may also perform the functions of end entities, in that
they may make use of other CAs’ certificates for message encryption and
verification of digital signatures.

An organization may own a certification authority and issue certificates
for use within its own networks. In addition, an organization’s certificates
may be accepted by another network, after an exchange of certificates
has validated a certificate for use by both parties. As an alternative, an
outside CA may be used. The switch can interact with the CA, whether a
CA is part of the organization or not, by sending the CA requests for
certification.

The usefulness of certificates depends on how much you trust the
source of the certificate. You must be able to trust the issuing CA to
verify identities reliably. The level of verification required in a given
situation depends on the organization’s security needs.
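
The split between end entities and certification authorities, and the dependence on a trusted issuing CA, both show up when a certificate is validated. The Go sketch below is an added example, not code from the AT-S63 manual or the switch software; `Entity`, `Certify`, `Validate` and all subject names are hypothetical, and it goes beyond the text by using the X.509 basicConstraints CA flag, which the manual does not mention.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Entity is a key pair plus the certificate binding its public key to a name (constructed here).
type Entity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Certify makes cn's key pair and a certificate signed by issuer (nil: self-signed); isCA sets the CA flag.
func Certify(cn string, isCA bool, issuer *Entity) (*Entity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true, IsCA: isCA,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	e := &Entity{Cert: tmpl, Key: key}
	if issuer == nil {
		issuer = e
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.Cert, &key.PublicKey, issuer.Key)
	if err != nil {
		return nil, err
	}
	e.Cert, err = x509.ParseCertificate(der)
	return e, err
}

// Validate is the end entity's check: leaf must chain, via intermediates, to the trusted CA.
func Validate(trustedCA, leaf *x509.Certificate, intermediates ...*x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(trustedCA)
	for _, c := range intermediates {
		opts.Intermediates.AddCert(c)
	}
	_, err := leaf.Verify(opts)
	return err
}
```

`Validate` returns nil for a certificate issued by the trusted CA, and an error both for a certificate issued by a CA the validator does not trust and for one signed with an end entity's key, because that signer's certificate is not marked as a CA.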
