Operation Manual – PKI
H3C S3610&S5510 Series Ethernet Switches

Chapter 1 PKI Configuration

When configuring PKI, go to these sections for information you are interested in:
- Introduction to PKI
- PKI Configuration Task List
- Displaying and Maintaining PKI
- PKI Configuration Examples
- Troubleshooting PKI

1.1 Introduction to PKI

This section covers these topics:
- PKI Overview
- PKI Terms
- Architecture of PKI
- Applications of PKI
- Operation of PKI

1.1.1 PKI Overview

Public Key Infrastructure (PKI) is a system that provides information security through public key technologies and digital certificates and verifies the identities of digital certificate owners.

PKI employs digital certificates, which are bindings of certificate owner identity information and public keys. PKI allows users to request certificates, use certificates, and revoke certificates. By leveraging digital certificates and relevant services like certificate distribution and blacklist publication, PKI supports authenticating the entities involved in communication, thus guaranteeing the confidentiality, integrity and non-repudiation of data.

1.1.2 PKI Terms

I. Digital certificate

A digital certificate is a file signed by a certificate authority (CA) that contains a public key and the related user identity information. The simplest digital certificate contains a public key, an entity name, and a digital signature from the CA. Generally, a digital certificate also includes the validity period of the key, the name of the CA and the sequence number of the certificate. A digital certificate must comply with the international standard ITU-T X.509. This manual involves two types of certificates: local certificate and CA certificate. A local certificate is a digital certificate signed by a