Advantages Of Certificates - ZyXEL Communications Vantage CNM 2.3 User Manual

Jenny receives the message and uses Tim's public key to decrypt it.
4
Additionally, Jenny uses her own private key to encrypt a message and Tim uses
5
Jenny's public key to decrypt the message.
The device uses certificates based on public-key cryptology to authenticate users
attempting to establish a connection, not to encrypt the data that you send after
establishing a connection. The method used to secure the data that you send
through an established connection depends on the type of connection. For
example, a VPN tunnel might use the triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then
use the certification authority's public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that
validate a certificate. The device does not trust a certificate if any certificate on its
path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and
revoked certificates. A directory of certificates that have been revoked before the
scheduled expiration is called a CRL (Certificate Revocation List). The device can
check a peer's certificate against a directory server's list of revoked certificates.
The framework of servers, software, procedures and policies that handles keys is
called PKI (public-key infrastructure).

30.7.1 Advantages of Certificates

The device only has to store the certificates of the certification authorities that you
decide to trust, no matter how many devices you need to authenticate.
Key distribution is simple and very secure since you can freely distribute public
keys and you never need to transmit private keys.
Vantage CNM User's Guide
Chapter 30 CNM System Setting
575