314 Avaya VPNmanager Configuration Guide Release 3.7
Certificate Authority A trusted company or organization that issues and signs digital certificates.
Once a CA has checked your identity (your public key plus some other proof of
who you are) and signed a certificate binding the two, anyone holding the CA's
own certificate can verify that your public key is the one the CA vouched for.
Issuer Certificates
Issuer Certificates also reside in the security gateway and are used to
authenticate the other side of a connection. For example, when the Directory
Server presents a certificate for an SSL session, the security gateway must
hold an Issuer Certificate (the CA certificate that signed it) in order to verify
that the VPNmanager's certificate is valid. Devices wishing to use IKE must
likewise be validated against an Issuer Certificate. All Issuer Certificates
contain only public keys and are themselves public.
My Certificates
My Certificates is a list of nine (0 through 8) certificates that exist inside the
security gateway and are used to identify the security gateway to an opposite
endpoint. Each requires generation of a public/private key pair, where the private
key never leaves the security gateway; only the public key is placed in the
certificate.
Signing
Just as the security gateway's Issuer Certificates are needed to verify the
VPNmanager Certificate, the Signing Certificates are what the VPNmanager
Console uses to verify the security gateway's Certificate.
Certificate
Revocation List
(CRL) checking
Certificate Revocation List checking consults a directory server (maintained by
the CA) for the CA's signed list of certificates that have been revoked before
their expiry date, and rejects a presented certificate whose serial number
appears on that list. Because revocation cannot be seen from the certificate
itself, this check is the only way to catch a certificate whose private key has
been compromised or whose holder is no longer authorized.
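The following script is an added illustration of the CA, Digital Certificate and CRL checking entries above; it is not Avaya code. A real CRL is an X.509 structure signed with the CA's private key and verified with the CA certificate. Here the signature is modelled as an HMAC under a CA key, an assumption made so the script runs offline with the standard library only, and the CRL, the certificate serial numbers, the issuer name and the clock are all constructed inline.

```python
"""CRL checking: reject a certificate whose serial number is on the CA's
revocation list, and fail closed when the list itself cannot be trusted.

Added example, not Avaya code. The CA signature is stood in for by an
HMAC (assumption), and every input below is constructed for the demo.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

# X.509 CRLReason codes (RFC 5280, section 5.3.1) used in the sample.
KEY_COMPROMISE = 1
CERTIFICATE_HOLD = 6


@dataclass
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    # serial number -> (revocation time, CRLReason code)
    revoked: Dict[int, Tuple[datetime, int]] = field(default_factory=dict)

    def to_be_signed(self) -> bytes:
        """Canonical byte encoding covered by the CA signature."""
        entries = ",".join(
            f"{serial}:{when.isoformat()}:{reason}"
            for serial, (when, reason) in sorted(self.revoked.items())
        )
        header = f"{self.issuer}|{self.this_update.isoformat()}|{self.next_update.isoformat()}"
        return f"{header}|{entries}".encode()


def sign_crl(crl: CRL, ca_key: bytes) -> bytes:
    """Stand-in for the CA signature (assumption: HMAC-SHA256 instead of RSA/ECDSA)."""
    return hmac.new(ca_key, crl.to_be_signed(), hashlib.sha256).digest()


def check_revocation(serial: int, issuer: str, crl: CRL, signature: bytes,
                     ca_key: bytes, now: datetime) -> str:
    """Return 'good', 'revoked', or a reason the CRL itself is unusable.

    Anything other than 'good' must fail the validation: a forged or stale
    CRL says nothing about the certificate, so the caller must fail closed
    rather than treat 'not listed' as 'not revoked'.
    """
    if not hmac.compare_digest(sign_crl(crl, ca_key), signature):
        return "crl-signature-invalid"          # tampered list or wrong CA
    if crl.issuer != issuer:
        return "crl-wrong-issuer"               # list belongs to another CA
    if now < crl.this_update or now > crl.next_update:
        return "crl-stale"                      # outside its validity window
    entry = crl.revoked.get(serial)
    if entry is None:
        return "good"
    # A certificateHold is a temporary revocation, but while the serial is
    # listed the certificate must still be rejected.
    return "revoked"


# Constructed sample data: a CA key, a one-week CRL and two revoked serials.
CA_KEY = b"demo-ca-signing-key"
ISSUER = "CN=Demo VPN CA"
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_CRL = CRL(
    issuer=ISSUER,
    this_update=T0,
    next_update=T0 + timedelta(days=7),
    revoked={
        1001: (T0 - timedelta(days=1), KEY_COMPROMISE),
        1002: (T0 - timedelta(hours=2), CERTIFICATE_HOLD),
    },
)
SAMPLE_SIG = sign_crl(SAMPLE_CRL, CA_KEY)


if __name__ == "__main__":
    when = T0 + timedelta(days=1)
    for serial in (2000, 1001, 1002):
        print(serial, check_revocation(serial, ISSUER, SAMPLE_CRL, SAMPLE_SIG, CA_KEY, when))
    print("after expiry:", check_revocation(2000, ISSUER, SAMPLE_CRL, SAMPLE_SIG, CA_KEY, T0 + timedelta(days=8)))
```

The order of the checks matters: the signature is verified before the list is consulted, so an attacker who can serve a modified CRL (dropping the compromised serial) cannot turn a revoked certificate back into a good one, and a CRL past its nextUpdate is rejected outright rather than silently treated as still current.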
D
DCI Direct Configuration Interface is an Avaya Inc. proprietary protocol developed to
carry setup and configuration data between the VPNmanager console and the
security gateway. DCI traffic may pass in the clear if the LAN on which both
reside is behind a firewall; otherwise it should be carried over SSL.
DES Data Encryption Standard (DES) is a block-cipher algorithm created by IBM and
used to encrypt bulk data quickly. It uses a 56-bit key and operates on blocks
of 64 bits. The 56-bit key is short enough to be recovered by exhaustive search
with modest hardware, which is why Triple DES exists. See Triple DES on page 318.
Diffie-Hellman A key-agreement algorithm that lets two parties derive a shared secret over
an untrusted network by exchanging only public values; IKE uses it to produce
keying material. A Diffie-Hellman group fixes the mathematical parameters (the
prime modulus and generator) used during IKE negotiation. Group 1 specifies a
768-bit modulus, Group 2 a 1024-bit modulus; Group 2 is the stronger of the two
and should be preferred where both peers support it.
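The exchange described in the Diffie-Hellman entry, as an added example that is not Avaya code and not the security gateway's implementation. The 127-bit Mersenne prime used as the modulus is a constructed stand-in so the script runs instantly; the IKE groups in this guide use a 768-bit (Group 1) or 1024-bit (Group 2) modulus, and the arithmetic is identical. The `DHParty` class, `run_exchange` and the peer-value check are this example's own names.

```python
"""Diffie-Hellman key agreement between two IKE peers.

Added illustration, not Avaya code. DEMO_P and DEMO_G are constructed toy
parameters standing in for the 768/1024-bit moduli of IKE groups 1 and 2.
"""
import secrets
from typing import Optional, Tuple

# Constructed demo group (assumption): 2**127 - 1 is prime; generator 2.
DEMO_P = 2**127 - 1
DEMO_G = 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test, so a modulus proposed by a peer can be sanity-checked."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # composite witness found
    return True


def validate_public_value(y: int, p: int) -> bool:
    """Reject degenerate peer values (0, 1, p-1) that force a predictable secret."""
    return 1 < y < p - 1


class DHParty:
    """One IKE peer: holds its private exponent, exposes only g^x mod p."""

    def __init__(self, p: int = DEMO_P, g: int = DEMO_G,
                 private: Optional[int] = None) -> None:
        if not is_probable_prime(p):
            raise ValueError("modulus is not prime")
        self.p, self.g = p, g
        # The private exponent never leaves this object, like the gateway's
        # private key; 'private' is accepted only to make runs reproducible.
        self._x = private if private is not None else secrets.randbelow(p - 2) + 1
        self.public = pow(g, self._x, p)            # the value sent on the wire

    def shared_secret(self, peer_public: int) -> int:
        """Derive g^(xy) mod p from the peer's public value and our private one."""
        if not validate_public_value(peer_public, self.p):
            raise ValueError("peer public value is degenerate; aborting exchange")
        return pow(peer_public, self._x, self.p)


def run_exchange(p: int = DEMO_P, g: int = DEMO_G) -> Tuple[int, int]:
    """Both peers compute the secret from the other's public value.

    Returns (gateway_secret, peer_secret); only the two public values cross
    the network, and the two results must be equal.
    """
    gateway = DHParty(p, g)
    peer = DHParty(p, g)
    return gateway.shared_secret(peer.public), peer.shared_secret(gateway.public)


if __name__ == "__main__":
    k_gateway, k_peer = run_exchange()
    print("secrets match:", k_gateway == k_peer)
    print("modulus bits:", DEMO_P.bit_length())
```

The `validate_public_value` check is the part most often skipped in hand-rolled implementations: a peer sending 1 or p-1 as its public value forces the shared secret to 1 or ±1 regardless of the private exponent, so the exchange must abort rather than proceed with a known key.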
Digital Certificate An electronic document that binds a public key to the identity of its holder
(a company, device or person) and is signed by a certificate authority, so that
anyone trusting the CA can verify the holder's public key.
Domain Name
Service (DNS)
The network service that converts text-based host names into numeric IP
addresses and vice versa.
Domains, VPN A VPN Domain is a collection of Virtual Private Network devices that compose
a Virtual Private Network.