Digi X8 Network Router User Manual

Administration from the web interface
212
X.509 Certificate/Key Management
The X.509 Certificate/Key Management pages are for loading and managing X.509 certificates and public/private host key pairs used for public key infrastructure (PKI) based security. Separate pages manage each of the following certificate databases:
The Certificate Authority (CA) database is used to load certificate authority digital certificates. A certificate authority (CA) is a trusted third party that issues digital certificates for use by other parties. A digital certificate issued by the CA contains a public key together with information about the individual or organization to which that public key belongs. A CA verifies the credentials of digital certificate applicants. A loaded CA certificate allows the digital certificates issued by that CA, and the information they contain, to be verified.
The Certificate Revocation List (CRL) database is used to load certificate revocation lists for loaded CAs. A certificate revocation list (CRL) is a file containing the serial numbers of digital certificates issued by a CA that have been revoked and should no longer be trusted. Like CAs, CRLs are a vital part of a public key infrastructure (PKI). The digital certificate of the corresponding CA must be installed before the CRL can be loaded.
The Virtual Private Networking (VPN) Identities database is used to load host certificates and keys. Identity certificates and keys allow IPSec authentication and secure key exchange with ISAKMP/IKE using RSA or DSA signatures. The VPN identity certificate must be issued by a CA trusted by the peer.
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) databases are used to load host certificates and keys, as well as peer certificates and revocations.
The Secure Shell (SSHv2) Hostkeys database is used to load host private keys. SSHv2 host keys are used for authentication with SSHv2 clients and secure key exchange. A default 1024-bit DSA key is generated automatically if none exists when the device boots.
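The dependencies between these databases (a CRL is only usable once its issuing CA is loaded, and a peer's identity certificate is only accepted when it chains to an installed CA) are visible in the checks a device runs before trusting a peer. The Go program below is an added example, not code from the manual or from Digi firmware: it constructs a lab CA, a host certificate and a CRL in memory with the standard library and applies those checks; the names BuildPKI, CheckPeer, "Lab CA (constructed)" and router.lab.invalid are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics if a constructed fixture cannot be built
	if err != nil {
		panic(err)
	}
	return v
}
// BuildPKI constructs what the CA, VPN identity/SSL and CRL databases would hold: a lab CA, a host certificate (serial 4242) it issued, and a CRL it signed that revokes revokedSerial.
func BuildPKI(revokedSerial int64) (ca, host *x509.Certificate, crl *x509.RevocationList) {
	caKey, hostKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Lab CA (constructed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign} // CRLSign: may issue CRLs
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey))))
	tmpl.SerialNumber, tmpl.Subject.CommonName, tmpl.IsCA, tmpl.KeyUsage = big.NewInt(4242), "router.lab.invalid", false, 0
	host = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, &hostKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: time.Now()}}}
	return ca, host, must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
}

// CheckPeer is what a device must verify before trusting a peer certificate: the CRL is signed by an installed CA (why the CA must be loaded first), the peer chains to that CA, and the peer is not revoked.
func CheckPeer(trustedCA, peer *x509.Certificate, crl *x509.RevocationList) error {
	if err := crl.CheckSignatureFrom(trustedCA); err != nil {
		return fmt.Errorf("CRL was not issued by the installed CA: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("peer certificate does not chain to a trusted CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificates { // serial numbers are only meaningful per issuing CA
		if rc.SerialNumber.Cmp(peer.SerialNumber) == 0 {
			return fmt.Errorf("peer certificate serial %v is revoked", peer.SerialNumber)
		}
	}
	return nil
}
```

Running CheckPeer with a CRL from a different CA fails at the signature step, which is the situation the manual's "CA before CRL" rule prevents.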