Elements of a public key infrastructure – Allied Telesis AT-S60 User Manual
Page 504

Chapter 24: Public Key Infrastructure (PKI)
Section V: Security Features
An X.509 v3 certificate consists of:
❑ A serial number, which distinguishes the certificate from all others issued by that issuer. This serial number is used to identify the certificate in a Certificate Revocation List, if necessary.
❑ The owner’s identity details, such as name, company and address.
❑ The owner’s public key, and information about the algorithm with which it was produced.
❑ The identity details of the organization which issued the certificate.
❑ The issuer’s digital signature and the algorithm used to produce it.
❑ The period for which the certificate is valid.
❑ Optional information, such as the type of application with which the certificate is intended to be used.
The issuing organization’s digital signature is included in order to
authenticate the certificate. As a result, if a certificate is tampered with
during transmission, the tampering is detected.
Elements of a Public Key Infrastructure
A Public Key Infrastructure is a set of applications which manage the creation, retrieval, validation and storage of certificates. A PKI consists of the following key elements:
❑ At least one Certification Authority (CA), which issues and revokes certificates.
❑ At least one publicly accessible repository, which stores certificates and Certificate Revocation Lists.
❑ At least one End Entity (EE), which retrieves certificates from the repository, validates them and uses them.
End Entities (EE)
End Entities own public keys and may use them for encryption and
digital signing. The switch acts as an End Entity.
An entity which uses its private key to digitally sign certificates is not
considered an End Entity. Instead, it is a Certification Authority.
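The certificate fields listed above and the End Entity's validation step, as an added Go example (not code from the AT-S60 manual or the switch firmware) built on Go's standard crypto/x509 package: a hypothetical CA issues an End Entity certificate and a CRL, and the End Entity chains the certificate to the CA, checks the validity period, and looks the serial number up in the CA-signed CRL. All keys, names and serial numbers are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
var caPub, caKey, _ = ed25519.GenerateKey(rand.Reader) // constructed key pair for a hypothetical CA
var eePub, _, _ = ed25519.GenerateKey(rand.Reader)     // constructed key pair for the switch (End Entity)
func must[T any](v T, err error) T { // fixtures only: a failure here is a bug, so panic
	if err != nil {
		panic(err)
	}
	return v
}
// Setup plays CA and repository: self-signed CA cert, End Entity cert with the fields listed above, and a CA-signed CRL.
func Setup(revokedSerial int64) (ca, ee *x509.Certificate, crl *x509.RevocationList) {
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, NotBefore: now,
		NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)))) // self-signed
	eeTmpl := &x509.Certificate{SerialNumber: big.NewInt(42), Subject: pkix.Name{CommonName: "switch.example.net"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}} // EKU: the optional "intended application"
	ee = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, eeTmpl, ca, eePub, caKey)))) // signed by the CA
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return ca, ee, crl
}
// Validate is the End Entity's side: chain to the trusted CA (issuer signature, validity period at time at), check the CRL is the CA's own, look up the serial.
func Validate(ee, ca *x509.Certificate, crl *x509.RevocationList, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := ee.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return err // bad or tampered signature, outside the validity period, or issuer is not a CA
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return err // a CRL the CA did not sign proves nothing about revocation
	}
	for _, r := range crl.RevokedCertificateEntries {
		if r.SerialNumber.Cmp(ee.SerialNumber) == 0 {
			return errors.New("serial number is listed in the CRL: certificate revoked")
		}
	}
	return nil
}
```

Validate returns nil only when all three checks pass; a stale CRL (past NextUpdate) should additionally be refused in production and a fresh one fetched from the repository.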