Filter
Top Products
AT-S63 Management Software Features Guide
Section IX: Management Security 411
PKI
Implementation
The following sections discuss the implementation of PKI on the AT-9400
Switch. The following topics are covered:
PKI Standards
Certificate Retrieval and Storage
Certificate Validation
Root CA Certificates
PKI Standards
The following standards are supported by the switch:
draft-ietf-pkix-roadmap-05 — PKIX Roadmap
RFC 1779 — A String Representation of Distinguished Names
RFC 2459 — PKIX Certificate and CRL Profile
RFC 2511 — PKIX Certificate Request Message Format
PKCS #10 v1.7 — Certification Request Syntax Standard
Certificate Retrieval and Storage
Certificates are stored by CAs in publicly accessible repositories for
retrieval by end entities. The following repositories used in PKI are
commonly accessed via the following protocols: Hypertext Transfer
Protocol (HTTP), File Transfer Protocol (FTP).
Before the switch can use a certificate, it must be retrieved and manually
added to the switch’s certificate database, which is stored in RAM
memory. The switch attempts to validate the certificate, and if validation is
successful the certificate’s public key is available for use.
Root CA Certificate Validation
Root CA certificates are verified out of band by comparing the certificate’s
fingerprint (the encrypted one-way hash with which the issuing CA signs
the certificate) with the fingerprint which the CA has supplied by a non-
network-based method.