Pki Architecture - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
certification practice statement (CPS). A CA policy can be acquired through out-of-band means
such as phone, disk, and email. As different CAs might use different methods to examine the
binding of a public key with an entity, make sure that you understand the CA policy before
selecting a trusted CA for certificate request.
PKI architecture
A PKI system consists of entities, a CA, a registration authority (RA) and a PKI repository.
Figure 79 PKI architecture
Entity
•
An entity is an end user of PKI products or services, such as a person, an organization, a device,
or a process running on a computer.
CA
•
A CA is a trusted authority responsible for issuing and managing digital certificates. A CA issues
certificates, specifies the validity periods of certificates, and revokes certificates as needed by
publishing CRLs.
•
RA
A registration authority (RA) is an extended part of a CA or an independent authority. An RA can
implement functions including identity authentication, CRL management, key pair generation and
key pair backup. The PKI standard recommends that an independent RA be used for registration
management to achieve higher security.
PKI repository
•
A PKI repository can be a Lightweight Directory Access Protocol (LDAP) server or a common
database. It stores and manages information like certificate requests, certificates, keys, CRLs and
logs when it provides a simple query function.
LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user
information and digital certificates from the RA server and provides directory navigation service.
From an LDAP server, an entity can retrieve local and CA certificates of its own as well as
certificates of other entities.
249
Advertisement
Table of Contents
Troubleshooting
