Pki Architecture - HP A5830 Series Configuration Manual

might use different methods to check the binding of a public key with an entity, make sure that you
understand the CA policy before selecting a trusted CA for certificate request.

PKI architecture

A PKI system consists of entities, a CA, an RA, and a PKI repository. See Figure 45.

Figure 45 PKI architecture
Entity
An entity is an end user of PKI products or services, such as a person, an organization, a device, or a
process running on a computer.
CA
A CA is a trusted authority responsible for issuing and managing digital certificates. A CA issues
certificates, specifies the validity periods of certificates, and revokes certificates as needed by publishing
CRLs.
RA
An RA is an extended part of a CA or an independent authority. An RA can implement functions
including identity authentication, CRL management, key pair generation, and key pair backup. The PKI
standard recommends that an independent RA be used for registration management to achieve higher
security.
PKI repository
A PKI repository can be an LDAP server or a common database. It stores and manages information such as
certificate requests, certificates, keys, CRLs, and logs, and provides a simple query function.
LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information
and digital certificates from the RA server and provides directory navigation service. From an LDAP
server, an entity can retrieve local and CA certificates of its own as well as certificates of other entities.
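The following script is an added example, not taken from the HP manual and not the switch's own PKI implementation. It models the four roles just described with the Python `cryptography` library (assumed to be installed): an entity generates a key pair and a certificate request; an RA authenticates the request against a constructed allow-list that stands in for the CA policy; the CA issues the certificate with a validity period and later revokes it by publishing a CRL; and an in-memory dictionary stands in for the LDAP server or database of the repository. The names used (Example Corp CA, switch-a, intruder, Untrusted CA) are constructed for the example.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

UTC = datetime.timezone.utc


def _now():
    return datetime.datetime.now(UTC)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _cn(subject):
    return subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def make_key():
    # Key pair generation; the page notes an RA may also do this for the entity.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def build_ca(name):
    # CA role: a self-signed root certificate (name is constructed for the example).
    key = make_key()
    cert = (x509.CertificateBuilder()
            .subject_name(_name(name)).issuer_name(_name(name))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - datetime.timedelta(minutes=1))
            .not_valid_after(_now() + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def entity_request(common_name):
    # Entity role: generate a key pair and a certificate request (CSR).
    key = make_key()
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(_name(common_name)).sign(key, hashes.SHA256()))
    return key, csr


def ra_approve(csr, approved_names):
    # RA role: identity authentication. A constructed allow-list stands in for the CA policy;
    # the CSR signature proves the applicant holds the private key.
    return csr.is_signature_valid and _cn(csr.subject) in approved_names


def ca_issue(ca_key, ca_cert, csr, days):
    # CA role: issue a certificate and specify its validity period.
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - datetime.timedelta(minutes=1))
            .not_valid_after(_now() + datetime.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))


def ca_publish_crl(ca_key, ca_cert, revoked_serials):
    # CA role: revoke certificates by publishing a signed CRL.
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(_now()).next_update(_now() + datetime.timedelta(days=1)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(_now()).build())
    return builder.sign(ca_key, hashes.SHA256())


class Repository:
    # PKI repository role: stores certificates and the current CRL and answers queries.
    # An in-memory dict stands in for the LDAP server or database described on the page.
    def __init__(self):
        self.certs, self.crl = {}, None

    def publish_cert(self, cert):
        self.certs[_cn(cert.subject)] = cert

    def lookup(self, common_name):
        return self.certs.get(common_name)


def entity_verify(peer_cert, ca_cert, crl):
    # Entity role: check a peer certificate against the trusted CA certificate and its CRL.
    # Returns a status string so each failure mode is visible to the caller.
    try:
        ca_cert.public_key().verify(peer_cert.signature, peer_cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), peer_cert.signature_hash_algorithm)
    except Exception:
        return "bad-signature"
    not_before = getattr(peer_cert, "not_valid_before_utc", None)
    if not_before is None:  # older cryptography releases expose naive UTC datetimes only
        not_before = peer_cert.not_valid_before.replace(tzinfo=UTC)
        not_after = peer_cert.not_valid_after.replace(tzinfo=UTC)
    else:
        not_after = peer_cert.not_valid_after_utc
    if not (not_before <= _now() <= not_after):
        return "outside-validity-period"
    if crl is None or not crl.is_signature_valid(ca_cert.public_key()):
        return "crl-untrusted"
    if crl.get_revoked_certificate_by_serial_number(peer_cert.serial_number) is not None:
        return "revoked"
    return "valid"


def demo():
    # Walk the full flow once; every name here is constructed for the example.
    ca_key, ca_cert = build_ca("Example Corp CA")
    repo, approved, results = Repository(), {"switch-a", "switch-b"}, {}
    _, csr_a = entity_request("switch-a")
    _, csr_x = entity_request("intruder")
    results["ra_rejects_unknown"] = not ra_approve(csr_x, approved)
    assert ra_approve(csr_a, approved)
    repo.publish_cert(ca_issue(ca_key, ca_cert, csr_a, days=365))
    repo.crl = ca_publish_crl(ca_key, ca_cert, [])
    peer = repo.lookup("switch-a")
    results["before_revocation"] = entity_verify(peer, ca_cert, repo.crl)
    results["expired"] = entity_verify(ca_issue(ca_key, ca_cert, csr_a, days=0), ca_cert, repo.crl)
    repo.crl = ca_publish_crl(ca_key, ca_cert, [peer.serial_number])
    results["after_revocation"] = entity_verify(peer, ca_cert, repo.crl)
    _, other_ca = build_ca("Untrusted CA")
    results["wrong_ca"] = entity_verify(peer, other_ca, repo.crl)
    return results


if __name__ == "__main__":
    for step, status in demo().items():
        print(f"{step}: {status}")
```

The verifying entity only needs the CA certificate and the current CRL from the repository; it never needs the CA's private key, which is why the CRL must be signed by the CA and why `entity_verify` checks the CRL signature before trusting the revocation list. The check order (issuer signature, validity period, CRL freshness, revocation status) mirrors the CA responsibilities listed on the page.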
