Chapter 6 Authentication and Federated Identity

Concepts

D

DC

domain component. An attribute to designate one constituent part of a fully-qualified domain name (FQDN). Suppose for example that you manage a server whose FQDN is americas.example.com. In this case, you would link together three DC attribute-value pairs: DC=Americas,DC=example,dc=com.

Note

An LDAP expression must never include a space immediately to either side of a “=” sign. Similarly, it must never include a space immediately to either side of an “objectClass” attribute. Otherwise, validation fails.

digital certificate

Uniquely encrypted digital representation of one directory service entity, whether physical or logical. This trustworthy representation certifies that the entity is not an imposter when it sends or receives data through a secured channel. The CA normally issues the certificate upon request by the entity or its representative. The requestor is then held accountable as the “certificate holder.” To establish and retain credibility, a certificate must conform to requirements set forth in International Organization for Standardization (ISO) standard X.509. Most commonly, a digital certificate includes the following.

One DN to authenticate the directory service entity.

One DN to authenticate the CA.

A serial number to identify the digital certificate itself.

An expiration date, after which any entity that receives the certificate should reject it.

A copy of the certificate holder’s public key.

The CA’s digital signature, so recipients can verify that the certificate is not forged.
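The fields listed above, as an added example that is not part of the Cisco guide: a CA issues a certificate, and a recipient checks the CA's signature and the expiration date before trusting it. The function names `issue` and `check`, the sample DNs and serial numbers, and the choice of Ed25519 keys are assumptions made for illustration; the certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, notAfter time.Time, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter,
		IsCA: parent == nil, BasicConstraintsValid: true, // only the CA may sign
	}
	if parent == nil { // self-signed: the certificate is its own issuer
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// check is the recipient's side: CA signature first, then the validity period.
func check(cert, ca *x509.Certificate, now time.Time) error {
	if err := cert.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("not signed by %v: %w", ca.Subject, err)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("serial %v is outside its validity period", cert.SerialNumber)
	}
	return nil
}

func main() {
	ca, caKey, _ := issue("Example CA", 1, time.Now().AddDate(1, 0, 0), nil, nil) // errors ignored in this demo
	leaf, _, _ := issue("americas.example.com", 2, time.Now().AddDate(0, 1, 0), ca, caKey)
	fmt.Println(leaf.Subject, "|", leaf.Issuer, "|", leaf.SerialNumber, "|", check(leaf, ca, time.Now()))
}
```

A second CA created with the same DN but a different key fails `check`, which is why the signature, not the issuer name, is what shows the certificate is not forged.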

User Guide for Cisco Digital Media Manager 5.2.x


OL-15762-03

 

 
