
16 Security in Detail
Security Certificate Principles
To sign other certificates, the authority uses a private key. The published authority certificate contains the matching public key that allows another to verify the signature but not recreate it.
The authority’s certificate can be signed by itself, resulting in a
An authority that signs others' certificates is also called a Certificate Authority (CA). The last in line is then the
Since obtaining a certificate signed by a CA that is managed by another company can be expensive, it is possible to become one’s own CA. Tools exist to generate
A certificate before it is signed is known as a certificate request, which only contains the identifying information. Signing it makes it a certificate. One’s certificate is also used to sign any message transmitted to the peer to identify the originator and prevent tampering while transported.
In short:
When using HTTPS, SSL Tunneling in Accept mode, and/or
When using SSL Tunneling in Connect mode and/or
RSA or DSA
As mentioned above, the certificates contain a public key. Different key exchange methods require different public keys and thus different styles of certificate. The XPort Pro supports key exchange methods that require a
If only one of these certificates is stored in the XPort Pro, only those key exchange methods that can work with that style of certificate are enabled. RSA is sufficient in most cases.
Obtaining a Certificate and Private Key
You can obtain a certificate by completing a certificate request and sending it to a certificate authority that will create a certificate/key combo, usually for a fee. Alternatively, you can generate your own. A few utilities exist to generate
You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the internal certificate generator can only be used for certificates that are to identify that particular XPort Pro.
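The signing chain described in Security Certificate Principles (a self-signed CA, a request that holds only identifying information, the CA's private key turning it into a certificate) and the do-it-yourself route mentioned here, walked through as an added example that is not from the XPort Pro guide. It uses the OpenSSL command-line tool, assumed to be installed; all names and the working directory are made up.

```shell
#!/bin/sh
# Added example: private CA, certificate request, signing, and verification.
set -e
WORK="$(mktemp -d)"   # files stay here afterwards for inspection

# 1. Become your own CA: RSA key pair plus a certificate signed by itself.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Private CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. Device side: key pair and a request carrying only identifying data.
#    The private key stays on the device; only the request travels.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=xport-device.example" \
        -keyout "$WORK/device.key" -out "$WORK/device.csr" 2>/dev/null
}

# 3. CA side: signing the request with the CA private key makes it a certificate.
sign_request() {
    openssl x509 -req -days 365 -in "$WORK/device.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/device.crt" 2>/dev/null
}

# 4. Peer side: only the CA's public certificate is needed to check the
#    signature. Prints OK when the chain validates, FAIL otherwise.
verify_against_ca() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

# Negative check: an unrelated self-signed CA holds a different public key,
# so it cannot validate a signature made with our CA's private key.
make_other_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Unrelated CA" \
        -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
}

make_ca && make_request && sign_request && make_other_ca
echo "trusted CA:   $(verify_against_ca "$WORK/ca.crt" "$WORK/device.crt")"
echo "unrelated CA: $(verify_against_ca "$WORK/other.crt" "$WORK/device.crt")"
```

Inspect the request with `openssl req -in "$WORK/device.csr" -noout -text` to confirm it carries the subject and public key but no private key.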
XPort Pro™ User Guide | 138 |