ServerIron ADX Security Guide
53-1002440-03
Configuring SSL on a ServerIron ADX
6
Certificate Verification
Every certificate has two very important fields: issuer (issued-by) and subject (issued-to). A CA’s
certificate has the same value in both fields, because the authority has issued a certificate to itself.
However, when the authority issues a certificate to a server, the issuer field contains the CA's
name, but the subject contains the server's name.
For example, the following server certificate was issued by Verisign (a CA):
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Subject: C=US, ST=California, L=San Jose, O=Brocade Inc, OU=L47 and Security Group, OU=Terms of use at www.verisign.com/rpa (c)05, CN=l47qa.foundrynet.com
To authenticate this server certificate, the client (for example, Firefox or IE) should have the
corresponding CA's certificate. When you open the trusted root CA page in Internet Explorer, you
can also see that the CA's entry has the same value in the issued by (issuer) and issued to (subject) fields.
This is an example of how a server certificate is issued directly by a CA. Note that in this scenario,
the server sends only its own certificate and not that of the CA.
Figure 11 shows a CA certificate.
FIGURE 11 Certificate
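An added example (not from the Brocade guide) of the issuer/subject matching described above, using the names from the page's example certificate; the trust-store entry and all function names are constructed for illustration. It covers name chaining only, so the signature, validity-date and host name checks a real client performs are out of scope.

```python
import re

# Name chaining only: a real client also verifies the CA's signature,
# the validity dates and the host name before trusting a certificate.
ATTR = re.compile(r"\s*([A-Za-z][A-Za-z0-9.]*)\s*=(.*)", re.S)  # "type=value"

def parse_dn(dn):
    """Parse a DN as printed on the page into ((TYPE, value), ...).
    A piece without 'type=' (the ' Inc.' in 'O=RSA Data Security, Inc.')
    is treated as the tail of the previous value, not a new attribute."""
    rdns = []
    for piece in dn.split(","):
        m = ATTR.fullmatch(piece)
        if m:
            rdns.append([m.group(1).upper(), m.group(2)])
        elif rdns:
            rdns[-1][1] += "," + piece
        else:
            raise ValueError("DN must start with type=value")
    # Simplified name matching: ignore case and collapse whitespace.
    return tuple((t, " ".join(v.split()).lower()) for t, v in rdns)

def is_self_issued(cert):
    return parse_dn(cert["issuer"]) == parse_dn(cert["subject"])

def find_trusted_issuer(cert, trust_store):
    """Return the trusted CA whose subject equals cert's issuer, else None."""
    wanted = parse_dn(cert["issuer"])
    for ca in trust_store:
        if is_self_issued(ca) and parse_dn(ca["subject"]) == wanted:
            return ca
    return None

def classify(cert, trust_store):
    trusted = find_trusted_issuer(cert, trust_store) is not None
    if is_self_issued(cert):
        return "trusted root" if trusted else "untrusted self-issued certificate"
    return "issued directly by trusted CA" if trusted else "issuer not in trust store"

# Issuer and subject copied from the page's example server certificate.
ISSUER = "C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority"
SERVER = {"issuer": ISSUER,
          "subject": "C=US, ST=California, L=San Jose, O=Brocade Inc, "
                     "OU=L47 and Security Group, OU=Terms of use at "
                     "www.verisign.com/rpa (c)05, CN=l47qa.foundrynet.com"}
# Constructed trust-store entry: a CA certificate names itself in both fields.
CA = {"issuer": ISSUER, "subject": ISSUER}
```

With the CA in the trust store, `classify(SERVER, [CA])` reports the directly issued case from the text; with an empty store the same certificate cannot be chained to any trusted name.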