Public Key Cryptography - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide (OL-10088-01)
Chapter 39

Configuring Certificates
This chapter describes how to configure certificates. CAs are responsible for managing certificate
requests and issuing digital certificates. A digital certificate contains information that identifies a user
or device. Some of this information can include a name, serial number, company, department, or IP
address. A digital certificate also contains a copy of the public key for the user or device. A CA can be
a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your
organization.
This chapter includes the following sections:
Public Key Cryptography
Certificate Configuration

Public Key Cryptography

This section includes the following topics:
About Public Key Cryptography
Certificate Scalability
About Key Pairs
About Trustpoints
About CRLs
Supported CA Servers

About Public Key Cryptography
Digital signatures, enabled by public key cryptography, provide a means to authenticate devices and
users. In public key cryptography, such as the RSA encryption system, each user has a key pair
containing both a public and a private key. The keys act as complements, and anything encrypted with
one of the keys can be decrypted with the other.
In simple terms, a signature is formed when data is encrypted with a private key. The signature is
attached to the data and sent to the receiver. The receiver applies the public key of the sender to the data.
If the signature sent with the data matches the result of applying the public key to the data, the validity
of the message is established.
This process relies on the receiver having a copy of the public key of the sender and having a high degree
of certainty that this key belongs to the sender, not to someone pretending to be the sender.
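The sign-and-verify flow described above, as an added example that is not part of the Cisco guide: toy, unpadded RSA over fixed Mersenne primes with a SHA-256 digest, for illustration only. The function names, primes and message are assumptions constructed for this example; the last two checks show why the receiver must be certain whose public key it holds.

```python
import hashlib

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Build a toy RSA key pair (public, private) from two distinct primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)


def digest(data, n):
    """SHA-256 of the data, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    """Apply the private key to the digest of the data."""
    n, d = private
    return pow(digest(data, n), d, n)


def verify(data, signature, public):
    """Apply the public key to the signature and compare with the digest."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def demo():
    # Constructed sample keys and message (assumptions, not from the guide).
    sender_pub, sender_priv = make_keypair(2**127 - 1, 2**89 - 1)
    impostor_pub, impostor_priv = make_keypair(2**107 - 1, 2**61 - 1)
    msg = b"peer=asa1.example.com"
    sig = sign(msg, sender_priv)
    forged = sign(msg, impostor_priv)  # signed with a different key pair
    return {
        "genuine": verify(msg, sig, sender_pub),
        "tampered": verify(msg + b"!", sig, sender_pub),
        # Receiver holds the real sender's key: the impostor is rejected.
        "forged_vs_real_key": verify(msg, forged, sender_pub),
        # Receiver was handed the wrong key: the impostor is accepted.
        "forged_vs_swapped_key": verify(msg, forged, impostor_pub),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The final case is the gap that certificates close: a CA's signature binds the public key to the sender's identity, so the receiver does not have to take the key on trust.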
