Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
Chapter 9 PKI Configuration
9.1 PKI Overview
9.1.1 Introduction
Public key infrastructure (PKI) is a system which uses public key technology and digital
certificate to protect system security and authenticates digital certificate users. It
provides a whole set of security mechanism by combining software/hardware systems
and security policies together. PKI uses certificates to manage public keys: It binds
user public keys with other identifying information through a trustworthy association, so
that online authentication is possible. PKI provides safe network environment and
enables an easy use of encryption and digital signature technologies under many
application environments, to assure confidentiality, integrity and validity of online data.
A PKI system consists of public key algorithm, certificate authority, registration authority,
digital certificate, and PKI repository.
Figure 9-1 PKI components block diagram
Certificate authority issues and manages certificates. Registration authority
authenticates user identity and manages certificate revocation list. PKI repository
stores and manages such information as certificates and logs, and provides query
function. Digital certificate, also called Public Key Certificate (PKC), underlies the
security of PKI system and the trust in application. Adopting an authentication
technology based on public key technology, it is a file duly signed by certificate authority
that contains public key and owner information. It can be used as an identity proof for
online information exchange and commercial activities. A certificate has its lifetime,
which is specified in issuing. Of course, certificate authority can revoke a certificate
before its expiration date.
PKI application
Digital certificate
CA
RA
3Com Corporation
PKI repository
9-1
Chapter 9 PKI Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
