ICR-1601
3.3 Certificate
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an
electronic document used to prove ownership of a public key. The certificate includes information about
the key, information about its owner's identity, and the digital signature of an entity that has verified that the
certificate's contents are genuine. If the signature is valid, and the person examining the certificate trusts
the signer, then they know they can use that key to communicate with its owner¹.
In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually
a company such as VeriSign which charges customers to issue certificates for them. In a web of trust
scheme, the signer is either the key's owner (a self-signed certificate) or other users ("endorsements")
whom the person examining the certificate might know and trust. The device can also play the role of a CA.
Certificates are an important component of Transport Layer Security (TLS, sometimes called by its
older name SSL), where they prevent an attacker from impersonating a secure website or other server.
They are also used in other important applications, such as email encryption and code signing. On this
device, certificates can be used for user authentication in IPSec tunneling.
3.3.1 My Certificate
My Certificate includes a Local Certificate List. The Local Certificate List shows all certificates generated by
the root CA for the router. It also stores the generated Certificate Signing Requests (CSRs), which will be
signed by other external CAs. The signed certificates can be imported as local certificates of the router.
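The two ways a local certificate comes about (signed by the device's own root CA, or issued by a CA from a CSR and then imported) can be reproduced off-device with the OpenSSL command line. This is an added example, not the router's own tooling; the function names, file names and subjects are constructed for illustration.

```sh
#!/bin/sh
# Added example; every name, subject and lifetime below is constructed.
# write_cnf FILE: minimal config, independent of the system openssl.cnf.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_root_ca DIR NAME CN: self-signed root CA (issuer equals subject).
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/pki.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_csr DIR NAME CN: new key pair plus a CSR; only the CSR goes to the CA.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_csr DIR CA NAME: the CA signs NAME.csr and issues NAME.crt.
sign_csr() {
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# trusted_by CA_CERT CERT: succeeds only if CERT verifies against CA_CERT.
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# cert_kind CERT: a certificate that verifies against itself is self-signed.
cert_kind() {
  if trusted_by "$1" "$1"; then echo self-signed; else echo ca-signed; fi
}
# Demo, run as: sh pki.sh demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && write_cnf "$d/pki.cnf"
  make_root_ca "$d" rootca "Constructed Router Root CA"
  make_csr "$d" local "router.example" && sign_csr "$d" rootca local
  cert_kind "$d/rootca.crt"; cert_kind "$d/local.crt"
fi
```

A peer accepts the issued certificate only when it holds the signing CA's certificate as a trusted certificate; checking the same certificate against an unrelated CA fails.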
Self-signed Certificate Usage Scenario
Scenario Application Timing
When the enterprise router owns the root CA and the VPN tunneling function, it can generate its own local
certificates by signing them itself, or import any local certificates that are signed by other external
CAs.
It can also import the trusted certificates for other CAs and clients. In addition, since it has the root CA, it also