Certificate verification – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03

Configuring SSL on a ServerIron ADX


Certificate Verification

Every certificate has two very important fields: issuer (issued-by) and subject (issued-to). A CA’s
certificate has the same value in both fields, because the authority has issued a certificate to itself.
However, when the authority issues a certificate to a server, the issuer field contains the CA's
name, but the subject contains the server's name.

For example, the following server certificate was issued by Verisign (a CA):

Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority

Subject: C=US, ST=California, L=San Jose, O=Brocade Inc, OU=L47 and Security Group, OU=Terms of use at www.verisign.com/rpa (c)05, CN=l47qa.foundrynet.com

To authenticate this server certificate, the client (for example, Firefox or IE) must have the
corresponding CA's certificate. When you open the trusted root CA page in Internet Explorer, you
can see that the CA's entry has the same value in the issued by (issuer) and issued to (subject) fields.

This is an example of how a server certificate is issued directly by a CA. Note that in this scenario,
the server sends only its own certificate and not that of the CA.
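The issuer/subject relationship described above can be checked mechanically. The following is an added example, not part of the Brocade manual: it parses the two DN strings shown on this page and models only the name-chaining step, using hypothetical helper names (`parse_dn`, `make_cert`, `find_issuer`) and a constructed trust store. A real client additionally verifies the CA's signature on the server certificate and its validity period.

```python
import re

# DN strings copied from the certificate shown on this page.
CA_DN = "C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority"
SERVER_DN = ("C=US, ST=California, L=San Jose, O=Brocade Inc, "
             "OU=L47 and Security Group, "
             "OU=Terms of use at www.verisign.com/rpa (c)05, "
             "CN=l47qa.foundrynet.com")

def parse_dn(dn):
    """Split a one-line DN into ordered (attribute, value) pairs.

    Values may contain commas ("RSA Data Security, Inc."), so split only
    on a comma that is followed by the next ATTR= token.
    """
    parts = re.split(r",\s*(?=[A-Za-z]+=)", dn.strip())
    return tuple(tuple(p.split("=", 1)) for p in parts)

def make_cert(issuer, subject):
    # Hypothetical minimal record: only the two fields discussed here.
    return {"issuer": parse_dn(issuer), "subject": parse_dn(subject)}

def is_self_issued(cert):
    """True when issued-by and issued-to are identical, as for the CA."""
    return cert["issuer"] == cert["subject"]

def find_issuer(cert, trust_store):
    """Return the trusted, self-issued CA whose subject equals cert's issuer."""
    for ca in trust_store:
        if ca["subject"] == cert["issuer"] and is_self_issued(ca):
            return ca
    return None  # the client does not hold the issuing CA's certificate

def common_name(cert):
    return next((v for k, v in cert["subject"] if k == "CN"), None)

ca_cert = make_cert(CA_DN, CA_DN)          # issuer == subject
server_cert = make_cert(CA_DN, SERVER_DN)  # issued by the CA to the server
trust_store = [ca_cert]                    # constructed client trust store

if __name__ == "__main__":
    print("CA self-issued:    ", is_self_issued(ca_cert))
    print("server self-issued:", is_self_issued(server_cert))
    print("issuer in store:   ", find_issuer(server_cert, trust_store) is not None)
    print("empty store:       ", find_issuer(server_cert, []))
    print("server CN:         ", common_name(server_cert))
```

Because the server sends only its own certificate in this scenario, a client whose trust store lacks the CA entry gets `None` from `find_issuer` and cannot authenticate the server.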

Figure 11 shows a CA certificate.

FIGURE 11 Certificate
