Operation Manual – PKI
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 PKI Configuration

I. Entity

An entity is an end user of PKI products or services, such as a person, an organization, a device like a switch, or a process running on a computer.

II. CA

A CA is a trusted entity responsible for issuing and managing digital certificates. A CA issues certificates, specifies the validity period of a certificate, and revokes a certificate as needed by publishing CRLs.

III. RA

A registration authority (RA) is an extended part of a CA or an independent authority. An RA can implement functions including identity authentication, CRL management, key pair generation and key pair backup. The PKI standard recommends that an independent RA be used for registration management to achieve higher security of application systems.

IV. PKI repository

A PKI repository includes a Lightweight Directory Access Protocol (LDAP) server and some common databases that store and manage information like certificate requests, certificates, keys, CRLs and logs while providing a simple query function.

LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information and digital certificates from the RA server and provides directory navigation service. From an LDAP server, an entity can retrieve local and CA certificates of its own as well as certificates of other entities.

1.1.4 Applications of PKI

The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI has a wide range of applications. Here are some application examples.

I. VPN

A virtual private network (VPN) is a proprietary data communication network built over the public communication infrastructure. A VPN can leverage network layer security protocols (for instance, IPSec) in conjunction with PKI-based encryption and digital signature technologies for confidentiality.

II. Secure E-mail

E-mails also require confidentiality, integrity, authentication, and non-repudiation. PKI can address these needs. The secure E-mail protocol that is currently developing rapidly is Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails and mails with signature.