149
PKI applications
The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI
has a wide range of applications. Here are some application examples.
VPN
A VPN is a private data communication network built on the public communication infrastructure. A VPN
can leverage network layer security protocols (for instance, IPsec) in conjunction with PKI-based
encryption and digital signature technologies for confidentiality.
Secure e-mail
Emails require confidentiality, integrity, authentication, and non-repudiation. PKI can address these
needs. The secure email protocol that is developing rapidly is S/MIME, which is based on PKI and
allows for transfer of encrypted emails with signature.
Web security
For web security, two peers can establish an SSL connection first for transparent and secure
communications at the application layer. With PKI, SSL enables encrypted communications between a
browser and a server. Both of the communication parties can verify each other’s identity through digital
certificates.
PKI operation
In a PKI-enabled network, an entity can request a local certificate from the CA, and the device can check
the validity of certificates. Here is how it works:
1. An entity submits a certificate request to the RA.
2. The RA reviews the identity of the entity and then sends the identity information and the public key
with a digital signature to the CA.
3. The CA verifies the digital signature, approves the application, and issues a certificate.
4. The RA receives the certificate from the CA, sends it to the LDAP server to provide directory
navigation service, and notifies the entity that the certificate is successfully issued.
5. The entity retrieves the certificate. With the certificate, the entity can communicate with other entities
safely through encryption and digital signature.
6. The entity makes a request to the CA when it needs to revoke its certificate. The CA approves the
request, updates the CRLs, and publishes the CRLs on the LDAP server.
PKI configuration task list
Task Remarks
Configuring an entity DN
Required.
Configuring a PKI domain
Required.
Submitting a PKI certificate
request
Submitting a certificate request in auto mode
Required.
Use either
approach.
Submitting a certificate request in manual
mode
To Next Page
Loading...
Need help?
General