Secure email
Emails require confidentiality, integrity, authentication, and
Web security
For Web security, two peers can first establish a Secure Sockets Layer (SSL) connection for transparent and secure communications at the application layer. With PKI, SSL enables encrypted communications between a browser and a server. Both communicating parties can verify each other's identity through digital certificates.
Operation of PKI
In a
1. An entity submits a certificate request to the CA.
2. The RA verifies the identity of the entity and then sends the identity information and the public key with a digital signature to the CA.
3. The CA verifies the digital signature, approves the application, and issues a certificate.
4. The RA receives the certificate from the CA, sends it to the LDAP server to provide directory navigation service, and notifies the entity that the certificate is successfully issued.
5. The entity retrieves the certificate. With the certificate, the entity can communicate with other entities safely through encryption and digital signature.
6. The entity makes a request to the CA when it needs to revoke its certificate. The CA approves the request, updates the CRLs and publishes the CRLs on the LDAP server.
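The request, issuance, retrieval and revocation steps above can be reproduced on a workstation with the OpenSSL command line. This is an added example, not taken from the manual or the device: the function names, the subject names and the single scratch directory are assumptions, with the RA and CA collapsed into one host and plain files standing in for the LDAP server.

```shell
# Added example: PKI lifecycle with the OpenSSL CLI. All names are constructed.
# Assumption: directory $1 holds the CA state and acts as the certificate/CRL repository.
pki_setup() {    # create a demo CA (key, self-signed certificate, database)
  mkdir -p "$1/certs" && : > "$1/index.txt" &&
  echo 01 > "$1/serial" && echo 01 > "$1/crlnumber" || return 1
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = $1/index.txt
new_certs_dir = $1/certs
serial = $1/serial
crlnumber = $1/crlnumber
certificate = $1/ca.pem
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$1/ca.cnf" -days 30 \
    -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}
pki_crl() { openssl ca -gencrl -config "$1/ca.cnf" -out "$1/crl.pem" 2>/dev/null; }
pki_issue() {    # steps 1-5: entity $2 requests, RA checks, CA issues, CRL is published
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/ee.key" -out "$1/ee.csr" 2>/dev/null &&
  openssl req -config "$1/ca.cnf" -in "$1/ee.csr" -verify -noout 2>&1 |
    grep -q 'verify OK' &&   # RA-style check: the request is signed by its own key
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/ee.csr" \
    -out "$1/ee.pem" 2>/dev/null && pki_crl "$1"
}
pki_revoke() {   # step 6: CA marks the certificate revoked and reissues the CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/ee.pem" 2>/dev/null && pki_crl "$1"
}
pki_verify() {   # relying party: chain validation plus CRL lookup
  openssl verify -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" -crl_check \
    "$1/ee.pem" 2>&1 | grep -q ': OK$'
}
```

Source the file and run `pki_setup`, `pki_issue`, `pki_verify`, `pki_revoke`, `pki_verify` in that order against a fresh directory: the first verification succeeds and the second fails because the relying party checks the updated CRL.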
Configuring PKI
Configuration task list
The device supports the following PKI certificate request modes:
∙
∙
You can specify the PKI certificate request mode for a PKI domain. Different PKI certificate request modes require different configurations:
Requesting a certificate manually
Perform the tasks in 1 to request a certificate manually.