1 pki configuration, Introduction to pki, Pki overview – H3C Technologies H3C S5120 Series Switches User Manual

Page 447: Pki terms, Digital certificate, Pki configuration

Advertising
background image

1-1

1

PKI Configuration

This chapter includes these sections:

z

Introduction to PKI

z

PKI Configuration Task List

z

Displaying and Maintaining PKI

z

PKI Configuration Examples

z

Troubleshooting PKI

Introduction to PKI

This section covers these topics:

z

PKI Overview

z

PKI Terms

z

Architecture of PKI

z

Applications of PKI

z

Operation of PKI

PKI Overview

The Public Key Infrastructure (PKI) is a general security infrastructure for providing information security

through public key technologies.

PKI, also called asymmetric key infrastructure, uses a key pair to encrypt and decrypt the data. The key

pair consists of a private key and a public key. The private key must be kept secret while the public key

needs to be distributed. Data encrypted by one of the two keys can only be decrypted by the other.

A key problem of PKI is how to manage the public keys. Currently, PKI employs the digital certificate

mechanism to solve this problem. The digital certificate mechanism binds public keys to their owners,

helping distribute public keys in large networks securely.

With digital certificates, the PKI system provides network communication and e-commerce with security

services such as user authentication, data non-repudiation, data confidentiality, and data integrity.

Currently, H3C's PKI system provides certificate management for Secure Sockets Layer (SSL).

PKI Terms

Digital certificate

A digital certificate is a file signed by a certificate authority (CA) for an entity. It includes mainly the

identity information of the entity, the public key of the entity, the name and signature of the CA, and the

validity period of the certificate, where the signature of the CA ensures the validity and authority of the

certificate. A digital certificate must comply with the international standard of ITU-T X.509. Currently, the

most common standard is X.509 v3.

This manual involves two types of certificates: local certificate and CA certificate. A local certificate is a

digital certificate signed by a CA for an entity, while a CA certificate is the certificate of a CA. If multiple

Advertising
Popular Brands
Popular manuals