C H A P T E R 3

Keys and Certificates

4.Save the configuration when the server has been mapped.

Intel 7115> config save

Saving configuration to flash...

Configuration saved to flash Intel 7115>

Global Site Certificates

Overview

Four types of certificates are involved in the following discussion:

Root Certificate. The certificate of a trusted CA such as VeriSign.

Server Certificate. Loaded on the server. Can be either self- generated or received from a certificate authority such as VeriSign. Interacts with requesting browser’s root certificate to establish encryption level.

Global Site Certificate. An extended server certificate. Allows 128-bit encryption for export-restricted browsers.

Intermediate certificate authority (CA) Certificate. A certificate “signed,” that is, authenticated, by a recognized certificate authority such as VeriSign, and used to validate a global site certificate. Called an “intermediate CA certificate” in the following discussion.

Export versions of Internet Explorer§ and Netscape§ Communicator use 40-bit encryption to initiate connections to SSL servers. Upon receiving a client request, the server responds by sending a digital certificate. If this certificate is a conventional server certificate (that is, not a global site certificate), browser and server complete the SSL handshake and use a 40-bit key to encrypt application data. If the server responds to a requesting browser with a global site certificate, the client automatically renegotiates the connection to use 128-bit encryption.

3-15

Page 37
Image 37
Intel A31032-001 manual Global Site Certificates, Overview