Managing Digital Certificates; Importing Ca Certificates - Motorola WS2000 System Reference Manual

6-16 WS2000 Wireless Switch System Reference Guide

6.3 Managing Digital Certificates

A digital certificate is an electronic identification card that establishes your credentials when doing business
or other transactions on the Web. It is issued by a certification authority (CA). It contains a name, a serial
number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and
digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify
that the certificate is real.
The WS2000 Wireless Switch uses digital certificates for VPN access authentication and user
authentication. The application provides two mechanisms for defining/importing digital certificates:
• CA certificates are those that a CA creates and signs with its own private key. These certificates are
imported into the switch CA certificate library. (See Importing CA Certificates for directions.)
• Self certificates are those for which an organization creates a certificate request, sends it to a
Certificate Authority (CA) to be signed, and then imports the signed certificate into the management
system. (See Creating Self Certificates for directions.)

6.3.1 Importing CA Certificates

A certificate authority (CA) is a network authority that issues and manages security credentials and public
keys for message encryption. The CA signs all digital certificates that it issues with its own private key. The
corresponding public key is contained within a certificate called a CA certificate. A browser must
contain this CA certificate in its "Trusted Root Library" so that it can trust certificates "signed" by the CA's
private key.
Depending on the public key infrastructure implementation, the digital certificate includes the owner's public
key, the expiration date of the certificate, the owner's name, and other information about the public key
owner.
The WS2000 Management System provides the means to import and maintain a set of CA certificates to be
used as an authentication option for VPN access. To use the certificate for a VPN tunnel, define a tunnel and
select the IKE settings to use either RSA or DES certificates.
Before you import a certificate, you need to get one. Ask a CA for a certificate. They will typically send you
the certificate information in an email message. You will need to import the content of the message into the
WS2000 Network Management System.
NOTE: Make sure that the WS2000 is time synchronized with an NTP server before importing a certificate
to avoid issues with conflicting date/time stamps.
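
The steps above (take the certificate out of the CA's e-mail, then import it on a time-synchronized device), as an added example that is not part of the Motorola manual: it uses the OpenSSL command line on an administrator workstation to extract the certificate from a saved message, print the fields to confirm with the CA, and show how a clock that is not synchronized sees a new certificate as outside its validity window. The function names, the throwaway test CA and the sample e-mail are constructed for illustration, and the check assumes a self-signed CA certificate; how the WS2000 itself validates dates is not described here.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# Pull the first PEM certificate out of a saved e-mail, tolerating CRLF line
# endings and indentation added by mail clients. Fails if nothing parses.
extract_pem() {  # $1 = saved message, $2 = output .pem
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' |
        sed '/^-----END CERTIFICATE-----$/q' > "$2"
    openssl x509 -in "$2" -noout >/dev/null 2>&1
}

# Print the fields to confirm with the CA out of band before importing.
show_cert() {  # $1 = .pem
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate \
        -fingerprint -sha256
}

# Succeed only if the validity window (notBefore..notAfter) of a self-signed
# CA certificate contains the given clock reading, in seconds since 1970.
cert_valid_at() {  # $1 = .pem, $2 = epoch seconds
    openssl verify -attime "$2" -CAfile "$1" "$1" >/dev/null 2>&1
}

# --- Constructed sample input: a throwaway CA wrapped in a fake e-mail ---
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Constructed Test CA' \
    -keyout "$work/key.pem" -out "$work/orig.pem" 2>/dev/null
{
    printf 'Dear customer, your CA certificate is below.\r\n\r\n'
    awk '{ printf "  %s\r\n", $0 }' "$work/orig.pem"
    printf '\r\nRegards, Example CA\r\n'
} > "$work/mail.txt"

extract_pem "$work/mail.txt" "$work/ca.pem" || { echo "no certificate found"; exit 1; }
show_cert "$work/ca.pem"

# A synchronized clock accepts the certificate; a clock still at 2000-01-01
# (946684800) sees it as not yet valid.
for t in "$(date +%s)" 946684800; do
    if cert_valid_at "$work/ca.pem" "$t"; then
        echo "clock=$t: within validity window"
    else
        echo "clock=$t: outside validity window"
    fi
done
```

Compare the printed SHA-256 fingerprint with the value the CA publishes through a separate channel before pasting the certificate into the management system.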