PKI Operation; PKI Applications; Support for MPLS L3VPN - HP MSR2000 Configuration Manual


PKI operation

The following describes how a PKI entity requests a local certificate from a CA, and how an RA is
involved in entity enrollment:
1. A PKI entity submits a certificate request to the RA.
2. The RA verifies the identity of the entity and sends a digital signature containing the identity
   information and the public key to the CA.
3. The CA verifies the digital signature, approves the request, and issues a certificate.
4. After receiving the certificate from the CA, the RA sends the certificate to the LDAP server or other
   certificate repositories to provide directory navigation services, and notifies the PKI entity that the
   certificate is successfully issued.
5. The entity obtains the certificate from the certificate repository.
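
The five steps above, walked through locally with OpenSSL as an added example (not taken from the HP manual, and not the router CLI). All names and file paths are constructed, a directory stands in for the LDAP repository, and the RA's approval is modeled, as an assumption, by a detached signature over the request made with an RA key whose public half the CA holds.

```shell
WORK=$(mktemp -d)   # scratch directory; every file name below is constructed

setup_pki() {       # CA root, plus an RA signing key whose public half the CA holds
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$WORK/ra.key" 2048 2>/dev/null &&
    openssl rsa -in "$WORK/ra.key" -pubout -out "$WORK/ra.pub" 2>/dev/null &&
    mkdir -p "$WORK/repo"
}

entity_request() {  # step 1: key pair and PKCS#10 request for CN=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

ra_forward() {      # step 2: check proof of possession and identity, then sign for the CA
    openssl req -in "$WORK/$1.csr" -noout -verify 2>&1 | grep -q "verify OK" &&
    openssl req -in "$WORK/$1.csr" -noout -subject | grep -q "$1" &&
    openssl dgst -sha256 -sign "$WORK/ra.key" -out "$WORK/$1.sig" "$WORK/$1.csr"
}

ca_issue() {        # step 3: issue only if the RA signature covers this exact request
    openssl dgst -sha256 -verify "$WORK/ra.pub" -signature "$WORK/$1.sig" \
        "$WORK/$1.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 7 -out "$WORK/$1.crt" 2>/dev/null
}

ra_publish() {      # step 4: place the certificate in the repository
    cp "$WORK/$1.crt" "$WORK/repo/$1.crt"
}

entity_fetch() {    # step 5: retrieve, validate the chain, confirm it binds our own key
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/repo/$1.crt" >/dev/null 2>&1 &&
    [ "$(openssl x509 -in "$WORK/repo/$1.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$WORK/$1.key" -pubout)" ]
}

enroll() {          # the five steps in order; stops at the first failure
    entity_request "$1" && ra_forward "$1" && ca_issue "$1" &&
    ra_publish "$1" && entity_fetch "$1"
}
```

Run `setup_pki` once, then `enroll entity1.example.test`. If the request file changes after `ra_forward` has signed it, `ca_issue` fails because the RA signature no longer matches the request.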

PKI applications

The PKI technology can meet security requirements of online transactions. As an infrastructure, PKI has a
wide range of applications. Here are some application examples.
• VPN—A VPN is a private data communication network built on the public communication
  infrastructure. A VPN can leverage network layer security protocols (for example, IPsec) in
  conjunction with PKI-based encryption and digital signature technologies for confidentiality.
• Secure emails—PKI can address the email requirements for confidentiality, integrity, authentication,
  and non-repudiation. A common secure email protocol is Secure/Multipurpose Internet Mail
  Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with
  signature.
• Web security—The SSL protocol can be used to establish a secure connection between a client and
  a Web server. During the SSL handshake, both parties can use PKI to verify the peer identity by
  digital certificates.

Support for MPLS L3VPN

An enterprise might have multiple branches in different VPNs with isolated services. If users in the
branches request certificates from the CA server in the headquarters VPN, PKI support for MPLS L3VPN
is required.
As shown in Figure 32, if the PKI entity in VPN 1 wants to request a certificate from the CA server in VPN 3,
the PE device that connects to the PKI entity transmits the request to the CA server through MPLS L3VPN.
After the CA server receives the request and issues the certificate, the PE device that connects to the CA
server transmits the certificate to the PKI entity.
For information about MPLS L3VPN, see MPLS Configuration Guide.


This manual is also suitable for:

MSR3000, MSR4000