Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 14

Administration Guide
A.3.2. The authorityKeyIdentifier ............................................................................... 464
A.3.3. basicConstraints ............................................................................................ 465
A.3.4. certificatePolicies ........................................................................................... 465
A.3.5. CRLDistributionPoints .................................................................................... 466
A.3.6. extKeyUsage ................................................................................................. 466
A.3.7. issuerAltName Extension ............................................................................... 467
A.3.8. keyUsage ...................................................................................................... 467
A.3.9. nameConstraints ........................................................................................... 469
A.3.10. OCSPNocheck ............................................................................................ 469
A.3.11. policyConstraints .......................................................................................... 469
A.3.12. policyMappings ............................................................................................ 470
A.3.13. privateKeyUsagePeriod ................................................................................ 470
A.3.14. subjectAltName ........................................................................................... 471
A.3.15. subjectDirectoryAttributes ............................................................................. 471
A.3.16. subjectKeyIdentifier ...................................................................................... 471
A.4. Introduction to CRL Extensions ................................................................................. 472
A.4.1. Structure of CRL Extensions .......................................................................... 472
A.4.2. Sample CRL and CRL Entry Extensions ......................................................... 473
A.5. Standard X.509 v3 CRL Extensions .......................................................................... 474
A.5.1. Extensions for CRLs ...................................................................................... 474
A.5.2. CRL Entry Extensions .................................................................................... 480
A.6. Netscape-Defined Certificate Extensions ................................................................... 482
A.6.1. netscape-cert-type ......................................................................................... 482
A.6.2. netscape-comment ........................................................................................ 482
B. Introduction to Public-Key Cryptography
B.1. Internet Security Issues ............................................................................................ 485
B.2. Encryption and Decryption ........................................................................................ 486
B.2.1. Symmetric-Key Encryption ............................................................................. 486
B.2.2. Public-Key Encryption .................................................................................... 487
B.2.3. Key Length and Encryption Strength ............................................................... 488
B.3. Digital Signatures ..................................................................................................... 488
B.4. Certificates and Authentication .................................................................................. 489
B.4.1. A Certificate Identifies Someone or Something ................................................ 489
B.4.2. Authentication Confirms an Identity ................................................................. 490
B.4.3. How Certificates Are Used ............................................................................. 493
B.4.4. Single Sign-on ............................................................................................... 495
B.4.5. Contents of a Certificate ................................................................................ 495
B.4.6. How CA Certificates Establish Trust ............................................................... 498
B.5. Managing Certificates ............................................................................................... 503
B.5.1. Issuing Certificates ........................................................................................ 503
B.5.2. Certificates and the LDAP Directory ................................................................ 504
B.5.3. Key Management .......................................................................................... 504
B.5.4. Revoking Certificates ..................................................................................... 505
C. Enrolling a Certificate in a Cisco Router
C.1. Preparation .............................................................................................................. 507
C.2. Configuration ........................................................................................................... 507
C.2.1. Working with chained (subordinate) CAs ......................................................... 509
C.2.2. DEBUGGING: ............................................................................................... 510
Glossary
xiv
485
507
511