HP 250m Print Server for Fast Ethernet, 250m Print Server - Fast Ethernet Certificate Authority

Page 17

Create	Jack’s Public Key
Key Pair	Jack’s Public Key
Jack
	Jack’s Private Key
			CA’s Public Key
Identity Info +
Jack		Certificate Authority	CA’s Private Key
Jack’s Public Key		Certificate Authority	CA’s Private Key
	(Also performs Identity Verification on Jack)
Certificate Request
Jack’s Private Key
(Stays Private)		Identity Info +
		Identity Info +
		CA Info +
		Jack’s Public Key
		Preliminary Certificate
Identity Info +		One-Way Function/Hash Function
Identity Info +
CA Info +
Jack’s Public Key		Encryption
CA’s Digital
Signature
Jack’s Public Key
Certificate

Figure 19 - Certificate Authority

Jack goes through a key pair generation process and creates a public and private key pair. The private key is kept secret. The public key is associated with some identity information and is given to a Certificate Authority. The certificate authority generates a certificate, usually specific to a purpose such as email, and signs the certificate with its digital signature. Assuming there is a place where these digital certificates are publicly available, as long as Jack and John can agree to trust a specific certificate authority, they’ll be fine trusting certificates signed by that authority. Refer to Figure 20.

17

Image 17

Contents Introduction WhitepaperHttp Application What is SSL/TLS?Application Changes Https DecodedHttp Session More Info Https Session Lock Icon Certificate Details IE6 Security Alert Digital CertificatesIE7 Certificate Error IE7 Certificate Error Certificate Information Public Key Infrastructure and Public Key Certificate BasicsSymmetric Cryptography Asymmetric Cryptography Digital Signature Digital Signature Verification Certificate Authority Public Key Certificates Self-Signed Certificate SSL/TLS Protocol Structures SSL/TLS Protocol BasicsClient Hello Server Hello Server Certificate Verification Keying Material Client Finished Server Finished Using Https with HP JetdirectCA Heirarchy Network Diagram Page Page Under the heading Jetdirect Certificate, press Configure… Page Page Page Page Page Page Page Page Page Page Page Save it Go to Tools and click Internet Options Click Certificates Click Import… Click Next Select the file Click Next Page Page Page Page Page Detailed Look at the SSL/TLS Connection Page Page Page Page Check for server certificate revocation is not selected Page Page SSL/TLS Server Settings HP Jetdirect as an SSL/TLS Client Page Page Page Page Select R2 and hit Export… Click Next Select DER. Click Next Save it Save it Click Finish Page Select the file. Click Finish Click OK Page Same message. What did we do wrong? Page Page We use the DNS name and try again Success Page CA Hierarchy SSL/TLS Client Understanding Certificate ChainsPage RootCA Incorrect HP Jetdirect CA Configuration Correct HP Jetdirect CA Configuration Walking the Chain SSL/TLS Client Certificates and Name Verification Subject SubjectAltName Page Page Page IPP over SSL/TLS Click Next Select a network printer… Page Page Print a test Yep we have our print data protected by SSL/TLS Embedded Devices and Digital Certificates HP Jetdirect Certificate GuidelinesSummary Which HP Jetdirect Products Support SSL/TLS?