2. The RA verifies the identity of the entity and sends a digital signature containing the identity information and the public key to the CA.
3. The CA verifies the digital signature, approves the request, and issues a certificate.
4. After receiving the certificate from the CA, the RA sends the certificate to the certificate repositories and notifies the PKI entity that the certificate has been issued.
5. The entity obtains the certificate from the certificate repository.
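The enrollment exchange in these steps, sketched with the openssl command line as an added example (it is not from the original manual and is not the device's own procedure). The function names, file names, the subject switch1.example.test, and the modelling of the RA's signature as a detached signature over the request file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of the enrollment flow using the openssl CLI.
# All names, file paths and the expected identity below are constructed.

ENTITY_CN="switch1.example.test"   # constructed identity the RA expects

pki_setup() {      # $1 = working dir: CA cert/key, RA key pair, repository
    mkdir -p "$1/repo" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$1/ra.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/ra.key" -pubout -out "$1/ra.pub" 2>/dev/null
}

entity_request() { # entity: key pair plus request with identity and public key
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$ENTITY_CN" \
        -keyout "$1/entity.key" -out "$1/entity.csr" 2>/dev/null
}

ra_endorse() {     # step 2: check the identity, then sign the request for the CA
    openssl req -in "$1/entity.csr" -noout -subject | grep -qF "$ENTITY_CN" &&
    openssl dgst -sha256 -sign "$1/ra.key" -out "$1/entity.csr.sig" "$1/entity.csr"
}

ca_issue() {       # step 3: verify the RA signature first, issue only on success
    openssl dgst -sha256 -verify "$1/ra.pub" -signature "$1/entity.csr.sig" \
        "$1/entity.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$1/entity.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/entity.crt" 2>/dev/null
}

ra_publish() {     # step 4: RA places the issued certificate in the repository
    cp "$1/entity.crt" "$1/repo/entity.crt"
}

entity_fetch() {   # step 5: entity retrieves the certificate and validates it
    openssl verify -CAfile "$1/ca.crt" "$1/repo/entity.crt" >/dev/null 2>&1
}

enroll() {         # run the whole flow in a fresh directory and print its path
    d=$(mktemp -d) && pki_setup "$d" && entity_request "$d" && ra_endorse "$d" &&
    ca_issue "$d" && ra_publish "$d" && entity_fetch "$d" && echo "$d"
}
# usage: dir=$(enroll) && ls "$dir/repo"
```

Because ca_issue checks the RA signature before signing anything, a request that is swapped or altered after the RA endorsed it is refused and no certificate is written.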
PKI applications
The PKI technology can meet security requirements of online transactions. As an infrastructure, PKI
has a wide range of applications. Here are some application examples.
• VPN—A VPN is a private data communication network built on the public communication infrastructure. A VPN can use network layer security protocols (for example, IPsec) in conjunction with PKI-based encryption and digital signature technologies for confidentiality.
• Secure emails—PKI can address the email requirements for confidentiality, integrity, authentication, and non-repudiation. A common secure email protocol is Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.
• Web security—PKI can be used in the SSL handshake phase to verify the identities of the communicating parties by digital certificates.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode (see "") and non-FIPS mode.
PKI configuration task list
Tasks at a glance
(Required.)
(Required.)
(Required.)
• Configuring automatic certificate request
• Manually requesting a certificate
(Optional.) Aborting a certificate request
(Optional.)
(Optional.)
(Optional.) Specifying the storage path for the certificates and CRLs
(Optional.)
(Optional.)
(Optional.) Configuring a certificate-based access control policy