| RootCA’s Info + | |
RootCA.example.internal |
| |
Root Certificate Authority: RootCA | RootCA’s | |
Public Key | ||
| ||
| RootCA’s Digital | |
| Signature | |
| RootCA’s Certificate |
R2.example.internal
R2’s Info +
Subordinate Certificate Authority: R2
R2’s Public Key
RootCA’s Digital |
| |
Signature | What Certificates should be configured on | |
R2’s Certificate | Jetdirect so that an SSL Client will be | |
| successful? | |
RootCA’s Info + | LJ 4345MFP’s Info + | |
CORRECT! | Public Key | |
RootCA’s |
| |
Public Key | R2’s Digital | |
RootCA’s Digital | ||
Signature | Signature | |
RootCA’s Certificate | LJ 4345MFP’s Identity | |
Certificate | ||
|
Be sure the Root CA of your CA Hierarchy has its public key certificate configured on Jetdirect!
Here is a question for you: When Jetdirect is acting as a client and receives the server’s certificate
signed by R2, how can it know that R2’s certificate was signed by RootCA? The answer: It cannot!
Another special thing must happen: The server must send R2’s CA certificate along with its own certificate. This allows Jetdirect to “walk the chain” and verify the certificate chain is valid. Refer to Figure 36 – Walking the Chain 1
81