How Local User Authentication Works: RADIUS, Privilege Groups and X.509 Certificates
CA Certificates
CA Certificates are digital certificates issued and signed by either a local Certificate Authority server or a Certificate Authority organization such as Verisign. You can create CA Certificates and sign them yourself using tools like OpenSSL.
CA Certificates are installed on the CA server for your organization and are used to verify local certificates by signing them. The X family device supports the PKCS#7 or DER format for CA Certificates.
You can manage CA Certificates for the X family device from the LSM. From the CA Certificates page, you can:
•import the CA Certificates used by your organization
•view Current CA Certificates
•maintain a Certificate Revocation List (CRL) to ensure that the CA Certificates on the X family device are valid
The following figure shows the CA Certificate page.
Figure
Current CA Certificates Parameter Details
The Current CA Certificates table provides the following information about existing CA Certificates:
Table
Column | Description |
|
|
|
|
Name | Local name the device uses to reference the certificate, specified during the import process. |
|
|
Expires On | Expiration date of the CA Certificate |
|
|
Status | The status of the certificate, either: |
| • Valid if the certificate may be used. |
| • Revoked if the certificate has been revoked by a CRL. |
|
|
X Family LSM User’s Guide V 2.5.1 | 257 |
|
|