Symbol Technologies WS 2000 Switch User Manual


 
Administrator and User Access 6-11
Managing Digital Certificates
A digital certificate is an electronic identification card that establishes your credentials when doing business or other
transactions on the Web. It is issued by a certification authority (CA). It contains a name, a serial number, expiration dates,
a copy of the certificate holder's public key (used for encrypting messages and verifying digital signatures), and the digital signature
of the certificate-issuing authority so that a recipient can verify that the certificate is real.
The WS 2000 Wireless Switch uses digital certificates for VPN access authentication and user authentication. The
application provides two mechanisms for defining/importing digital certificates:
• CA certificates are those that a CA creates and signs with its own private key. These certificates are imported into the
switch CA certificate library. (See Importing CA Certificates for directions.)
• Self certificates are those for which an organization creates a certificate request, sends it to a Certificate Authority (CA)
to be signed, and then imports the signed certificate into the management system. (See Creating Self Certificates for
directions.)
Importing CA Certificates
A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message
encryption. The CA signs all digital certificates that it issues with its own private key. The corresponding public key is
contained within a certificate called a CA certificate. A browser must contain this CA certificate in its “Trusted Root
Library” so that it can trust certificates “signed” by the CA’s private key.
Depending on the public key infrastructure implementation, the digital certificate includes the owner’s public key, the
expiration date of the certificate, the owner’s name, and other information about the public key owner.
The WS 2000 Management System provides the means to import and maintain a set of CA certificates to be used as an
authentication option for VPN access. To use the certificate for a VPN tunnel, define a tunnel and select the IKE settings to
use either RSA or DES certificates.
Before you import a certificate, you need to get one. Ask a CA for a certificate. They will typically send you the certificate
information in an email message. You will need to import the content of the message into the WS 2000 Network
Management System.
Note: Make sure that the WS 2000 is time synchronized with an NTP server before importing a
certificate to avoid issues with conflicting date/time stamps.
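A certificate carries notBefore and notAfter timestamps, so a device whose clock is wrong can judge a good certificate as not yet valid or as expired. The following Python code is an added example, not part of the manual or of the WS 2000 software: it extracts the PEM block from the text of a CA's e-mail, reads the validity window from the DER encoding, and reports how the certificate looks at a given clock time. All function names and the sample message are assumptions, and the sample is a constructed DER skeleton rather than a real certificate.

```python
import base64
import re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    text = value.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280: YY >= 50 means 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity_from_email(message):
    match = PEM_RE.search(message)
    if match is None:
        raise ValueError("no certificate block in message")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    tbs = read_tlv(read_tlv(der, 0)[1], 0)[1]  # Certificate -> tbsCertificate
    pos = read_tlv(tbs, 0)[2] if tbs[0] == 0xA0 else 0  # skip optional [0] version
    for _ in range(3):  # serialNumber, signature algorithm, issuer
        pos = read_tlv(tbs, pos)[2]
    validity = read_tlv(tbs, pos)[1]
    tag1, raw1, nxt = read_tlv(validity, 0)
    tag2, raw2, _ = read_tlv(validity, nxt)
    return parse_time(tag1, raw1), parse_time(tag2, raw2)  # (notBefore, notAfter)

def clock_verdict(message, device_clock):
    not_before, not_after = validity_from_email(message)
    if device_clock < not_before:
        return "not yet valid"
    return "expired" if device_clock > not_after else "valid"

# Constructed sample: a DER skeleton holding only the fields read above, not a real certificate.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length is enough here
TBS = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + tlv(0x30, b"")
       + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z")))
PEM_BODY = base64.b64encode(tlv(0x30, tlv(0x30, TBS))).decode()
SAMPLE_EMAIL = f"Your CA certificate:\n-----BEGIN CERTIFICATE-----\n{PEM_BODY}\n-----END CERTIFICATE-----\n"
```

Calling `clock_verdict(SAMPLE_EMAIL, ...)` with a clock set before the notBefore date shows the failure that time synchronization prevents.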
To import a CA certificate, perform the following steps:
1. Select Network --> Certificates --> CA Certificates from the left menu. The following screen appears.