Introduction To Pki - 3Com Switch 4800G 24-Port Configuration Manual

97

Introduction to PKI

PKI Overview
PKI Terms
PKI C
ONFIGURATION
When configuring PKI, go to these sections for information you are interested in:
"Introduction to PKI" on page 1219
■
"PKI Configuration Task List" on page 1222
■
"Displaying and Maintaining PKI" on page 1229
■
"PKI Configuration Examples" on page 1230
■
"Troubleshooting PKI" on page 1235
■
This section covers these topics:
"PKI Overview" on page 1219
■
"PKI Terms" on page 1219
■
"Architecture of PKI" on page 1220
■
"Applications of PKI" on page 1221
■
"Operation of PKI" on page 1221
■
Public Key Infrastructure (PKI) is a system designed for providing information
security through public key technologies and digital certificates and verifying the
identities of the digital certificate owners.
PKI employs digital certificates, which are bindings of certificate owner identity
information and public keys. PKI allows users to request certificates, use
certificates, and revoke certificates. By leveraging digital certificates and relevant
services like certificate distribution and blacklist publication, PKI supports
authentication the entities involved in communication, and thus guaranteeing the
confidentiality, integrity and non-repudiation of data.
Digital certificate
A digital certificate is a file signed by a certificate authority (CA) that contains a
public key and the related user identity information. A simplest digital certificate
contains a public key, an entity name, and a digital signature from the CA.
Generally, a digital certificate also includes the validity period of the key, the name
of the CA and the sequence number of the certificate. A digital certificate must
comply with the international standard of ITUTX.5.9. This manual involves two
types of certificates: local certificate and CA certificate. A local certificate is a
digital certificate signed by a CA for an entity, while a CA certificate, also known
as root certificate, is signed by the CA for itself.