HP 250m Print Server for Fast Ethernet, 250m Print Server - Fast Ethernet Self-Signed Certificate

Page 19

Create

Jack’s Public Key

 

Key Pair

 

Jack

 

 

 

Jack’s Private Key

 

Identity Info +

Jack’s Private Key

(Stays Private)

 

 

Jack

 

 

Jack’s Public Key

 

 

 

Identity Info +

 

 

Jack’s Public Key

 

 

Preliminary Certificate

Identity Info +

One-Way Function/Hash Function

 

Jack’s Public Key

Encryption

Digital Signature

 

Jack’s self-signed

 

Certificate

 

Figure 21 - Self-Signed Certificate

Basically, Jack’s private key does the signing on his public key certificate. A root (top of the chain) certificate authority is going to go through the same process. So why is it okay for a Root CA to have a self-signed certificate but no one else to have one? Well, it is all about trust. There is no “higher” level of trust then the top level certificate authority. Therefore, in our previous examples, John and Jack must choose a particular certificate authority that they both trust. In most cases, there is a hierarchy of certificate authorities at customer sites. This forms what is known as a certificate chain and there is a top level CA or Root CA where the ultimate trust resides.

Also, we should take care to point out that there is usually a difference between Internet trust using certificates and Intranet trust using certificates. Internet trust will involve well-known certificate authorities like Verisign and Entrust. However, Intranet models usually revolve around Microsoft’s certificate authority that comes with Windows 2003 server. Each company establishes their own Public Key Infrastructure (PKI) that includes an entire policy around certificates.

There is one other important thing to cover about certificates. Each certificate has a one or more “certificate purposes” that the certificate can be used for. For example, a Jetdirect self-signed certificate will have two purposes: client authentication and server authentication. A root certificate

19

Image 19
Contents Introduction WhitepaperHttp Application What is SSL/TLS?Application Changes Https DecodedHttp Session More Info Https Session Lock Icon Certificate Details IE6 Security Alert Digital CertificatesIE7 Certificate Error IE7 Certificate Error Certificate Information Public Key Infrastructure and Public Key Certificate BasicsSymmetric Cryptography Asymmetric Cryptography Digital Signature Digital Signature Verification Certificate Authority Public Key Certificates Self-Signed Certificate SSL/TLS Protocol Structures SSL/TLS Protocol BasicsClient Hello Server Hello Server Certificate Verification Keying Material Client Finished Server Finished Using Https with HP JetdirectCA Heirarchy Network Diagram Page Page Under the heading Jetdirect Certificate, press Configure… Page Page Page Page Page Page Page Page Page Page Page Save it Go to Tools and click Internet Options Click Certificates Click Import… Click Next Select the file Click Next Page Page Page Page Page Detailed Look at the SSL/TLS Connection Page Page Page Page Check for server certificate revocation is not selected Page Page SSL/TLS Server Settings HP Jetdirect as an SSL/TLS Client Page Page Page Page Select R2 and hit Export… Click Next Select DER. Click Next Save it Save it Click Finish Page Select the file. Click Finish Click OK Page Same message. What did we do wrong? Page Page We use the DNS name and try again Success Page CA Hierarchy SSL/TLS Client Understanding Certificate ChainsPage RootCA Incorrect HP Jetdirect CA Configuration Correct HP Jetdirect CA Configuration Walking the Chain SSL/TLS Client Certificates and Name Verification Subject SubjectAltName Page Page Page IPP over SSL/TLS Click Next Select a network printer… Page Page Print a test Yep we have our print data protected by SSL/TLS Embedded Devices and Digital Certificates HP Jetdirect Certificate GuidelinesSummary Which HP Jetdirect Products Support SSL/TLS?