1830
C
HAPTER
97: PKI C
ONFIGURATION
A CA may publish multiple CRLs when the number of revoked certificates is so
large that publishing them in a single CRL may degrade network performance.
CA policy
A CA policy is a set of criteria that a CA follows in managing certificate requests
and in issuing, revoking, and publishing CRLs. Usually, a CA advertises its policy in
the form of certification practice statement (CPS), which can be acquired through
out-of-band means such as phone, disk, and e-mail or through other means. Since
different CAs may use different methods to check the binding of a public key with
an entity, make sure that you understand the CA policy before selecting a trusted
CA for certificate request.
Architecture of PKI
A PKI system consists of entities, a CA, a registration authority (RA) and a PKI
repository, as shown in
Figure 532
.:
Figure 532
PKI architecture
Entity
An entity is an end user of PKI products or services, like a person, an organization,
a device (for instance, a router or a switch) or a progress running on a computer.
CA
A CA is a trusted entity responsible for the issuing and management of digital
certificates. Its function includes: issuing certificates, specifying the validity period
of a certificate, and revoking a certificate as needed by publishing CRLs.
RA
A registration authority (RA) is an extended part of a CA or an independent
authority. An RA can implement functions such as identity authentication, CRL
management, key pair generation and key pair backup. The PKI standard
recommends that an independent RA be used for registration management to
achieve higher security of application systems.
PKI repository
A PKI repository includes a lightweight directory access protocol (LDAP) server and
some general databases that stores and manages information like certificate
PKI manager
Ce
rtif
ic
a
te
/
CR
L
r
e
p
o
sit
o
ry
Entity
RA
CA
PKI client
Issue a
certificate
Issue a certificate
/ CRL
Содержание MSR 50 Series
Страница 152: ...152 CHAPTER 5 ATM CONFIGURATION...
Страница 209: ...Troubleshooting 209 Use the debugging dialer event and debugging dialer packet commands to locate the problem...
Страница 210: ...210 CHAPTER 6 DCC CONFIGURATION...
Страница 234: ...234 CHAPTER 7 DLSW CONFIGURATION...
Страница 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...
Страница 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...
Страница 358: ...358 CHAPTER 17 MODEM CONFIGURATION...
Страница 486: ...486 CHAPTER 23 MSTP CONFIGURATION...
Страница 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...
Страница 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...
Страница 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...
Страница 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...
Страница 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...
Страница 572: ...572 CHAPTER 32 DHCP OVERVIEW...
Страница 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...
Страница 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...
Страница 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...
Страница 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...
Страница 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...
Страница 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...
Страница 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...
Страница 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...
Страница 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...
Страница 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...
Страница 876: ...876 CHAPTER 56 BGP CONFIGURATION...
Страница 916: ...916 CHAPTER 57 IS IS CONFIGURATION...
Страница 970: ...970 CHAPTER 58 OSPF CONFIGURATION...
Страница 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...
Страница 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Страница 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...
Страница 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...
Страница 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...
Страница 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...
Страница 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...
Страница 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...
Страница 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...
Страница 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...
Страница 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...
Страница 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...
Страница 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...
Страница 1555: ...MPLS L3VPN Configuration Example 1555 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...
Страница 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...
Страница 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...
Страница 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...
Страница 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...
Страница 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...
Страница 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...
Страница 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...
Страница 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...
Страница 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...
Страница 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...
Страница 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...
Страница 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...
Страница 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...
Страница 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...
Страница 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...
Страница 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...
Страница 2123: ...System Maintaining Example 2123 The above output shows that nine routers are involved from the source to the destination device...
Страница 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...
Страница 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...
Страница 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...
Страница 2186: ...2186 CHAPTER 123 POE CONFIGURATION...
Страница 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...
Страница 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...
Страница 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...
Страница 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...
Страница 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...
Страница 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...
Страница 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...
Страница 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...
Страница 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...
Страница 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...
Страница 2384: ...2384 CHAPTER 137 SIP OVERVIEW...