Chapter 18 Certificates

18.3 What You Need To Know

A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. Note that the NWA also trusts any valid certificate signed by any of the imported trusted CA certificates. You can use the NWA to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.

The NWA only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.

Certificates are based on public-private key pairs. Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.

The certification authority certificate that you want to import has to be in one of these file formats:

Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.

PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.

Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The NWA currently allows the importation of a PKCS#7 file that contains a single certificate.

PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.
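
The following Python sketch is an added example, not part of the original guide or the vendor's software. It reports which of the four formats above a candidate CA file uses and how many certificates a PKCS#7 file carries. It inspects only the outer ASN.1 structure and does not validate the certificate; the function names and sample bytes (structural stubs, not real certificates) are constructed for illustration.

```python
import base64
import re
SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def header(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def children(buf, start, end):
    """Yield (tag, content_start, content_end) for each element in buf[start:end]."""
    while start < end:
        tag, s, start = header(buf, start)  # start now points past this element
        yield tag, s, start

def identify(data):
    """Return (format name, certificate count) for a candidate CA file."""
    try:
        enc, m = "Binary", PEM_BLOCK.search(data)
        if m:
            enc, data = "PEM (Base-64) encoded", base64.b64decode(m.group(2))
        tag, s, e = header(data, 0)
        if tag == 0x30 and e <= len(data) and data[s] == 0x30:
            return enc + " X.509", 1  # first child is the tbsCertificate SEQUENCE
        if tag != 0x30 or e > len(data) or data[s:s + 11] != SIGNED_DATA:
            return "unrecognized", 0
        _, (_, s, e) = list(children(data, s, e))[:2]  # skip the OID, enter [0]
        _, s, e = header(data, s)  # SignedData SEQUENCE
        for tag, cs, ce in children(data, s, e):
            if tag == 0xA0:  # certificates [0] IMPLICIT SET OF Certificate
                return enc + " PKCS#7", sum(1 for _ in children(data, cs, ce))
        return enc + " PKCS#7", 0
    except (IndexError, ValueError):
        return "unrecognized", 0

# Constructed samples below: structural stubs, not real certificates.
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form DER length only
CERT = tlv(0x30, tlv(0x30, b"\x00"))
def p7(*certs):
    data_oid = bytes.fromhex("06092a864886f70d010701")  # inner content type: data
    signed = (tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, data_oid)
              + tlv(0xA0, b"".join(certs)) + tlv(0x31))
    return tlv(0x30, SIGNED_DATA + tlv(0xA0, tlv(0x30, signed)))
def pem(label, der):
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(der), label)
```

A certificate count other than 1 for a PKCS#7 file means the file is outside what the NWA currently imports.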

You can have the NWA act as a certification authority and sign its own certificates. See Section 18.4.2 on page 211 for details on how to apply this.

18.4 My Certificates Screen

Use this screen to view the NWA’s summary of certificates and certification requests. Click Certificates > My Certificates. The following screen displays.

NWA-3500/NWA-3550 User’s Guide