257
DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
Public Key Infrastructures
A public-key infrastructure (PKI) is a system of digital certificates and certification authorities
that verify and authenticate the validity of each party involved in a transaction through the use
of public key cryptography. To have a PKI, the switch requires the following:
• A public key
• A private key
• Digital certificates
• A CA
• A secure place to store the private key
A PKI enables you to securely exchange and validate digital certificates between switches,
servers, and users so that each device can authenticate itself to the others.
Public and Private Keys
D-Link’s identity-based networking uses public key cryptography to enforce the privacy of
data transmitted over the network. Using public-private key pairs, users and devices can
send encrypted messages that only the intended receiver can decrypt.
Before exchanging messages, each party in a transaction creates a key pair that includes
the public and private keys. The public key encrypts data and verifies digital signatures, and
the corresponding private key decrypts data and generates digital signatures. Public keys are
freely exchanged as part of digital certificates. Private keys are stored securely.
Digital Certificates
Digital certificates bind the identity of network users and devices to a public key. Network
users must authenticate their identity to those with whom they communicate, and must be
able to verify the identity of other users and network devices, such as switches and RADIUS
servers.
The D-Link MobileLAN system supports the following types of X.509 digital certificates:
• Administrative certificate - Used by the switch to authenticate itself to RingMaster or Web View.
• EAP certificate - Used by the switch to authenticate itself to EAP clients.
• WebAAA certificate - Used by the switch to authenticate itself to WebAAA clients, who use a web page served by a switch to log onto the network.
• Certificate authority (CA) certificates - Used by the switch in addition to the certificates listed above, when those certificates are issued by the CA.
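The following Go program is an added example, not code from the D-Link manual or the DWS-1008 firmware, that ties together the two preceding sections: a key pair whose private half signs and whose public half verifies, a CA that issues X.509 certificates binding a name to a public key, and the check a peer performs before trusting a device certificate. The key algorithm (ECDSA P-256), the CA and device names ("Lab CA", "Rogue CA", "switch-1") and the sample message are assumptions constructed for the example; the manual does not state which algorithms the switch uses. Only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts the example on a setup failure (key generation, signing, issuance).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKeyPair generates an ECDSA P-256 key pair (an assumed algorithm; the manual does
// not name one). The private half stays on the device; the public half is published.
func newKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signMsg generates a digital signature over msg with the private key.
func signMsg(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}

// verifySig checks the signature using only the public key.
func verifySig(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// certTemplate builds the template for a CA or a device certificate.
func certTemplate(serial int64, name string, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with the issuer's private key, binding pub to the template's
// name. The issuer never sees the subject's private key.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// selfSigned creates a CA certificate: the trust anchor peers are configured with.
func selfSigned(name string, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	t := certTemplate(1, name, true)
	return issue(t, t, &key.PublicKey, key)
}

// trusted reports whether a peer that trusts only ca accepts cert for name: the
// chain must end at ca, the validity window must cover now, and the name must match.
func trusted(ca, cert *x509.Certificate, name string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err == nil
}

// demo runs the flow and reports four outcomes: signature with the right key,
// signature with a wrong key, CA-issued certificate, certificate from an untrusted CA.
func demo() (sigOK, wrongKeyOK, certOK, rogueOK bool) {
	caKey, rogueKey, devKey := must(newKeyPair()), must(newKeyPair()), must(newKeyPair())
	msg := []byte("constructed sample message") // constructed input
	sig := must(signMsg(devKey, msg))
	sigOK = verifySig(&devKey.PublicKey, msg, sig)
	wrongKeyOK = verifySig(&rogueKey.PublicKey, msg, sig)
	ca := must(selfSigned("Lab CA", caKey))
	rogueCA := must(selfSigned("Rogue CA", rogueKey)) // not in the peer's trust store
	cert := must(issue(certTemplate(2, "switch-1", false), ca, &devKey.PublicKey, caKey))
	rogue := must(issue(certTemplate(2, "switch-1", false), rogueCA, &devKey.PublicKey, rogueKey))
	certOK = trusted(ca, cert, "switch-1")
	rogueOK = trusted(ca, rogue, "switch-1")
	return
}

func main() {
	fmt.Println(demo()) // true false true false
}
```

The last two checks are the point of the CA certificate bullet above: a certificate for the right name, with a valid signature from a CA the peer does not trust, is rejected exactly like a forgery, so which CA certificates are installed on the switch and its peers decides what gets authenticated.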