Configuring Certificates
This chapter describes how to configure certificates. Certificate authorities (CAs) are responsible for managing certificate
requests and issuing digital certificates. A digital certificate includes information that identifies a user
or device, such as a name, serial number, company, department, or IP address. A digital certificate also
includes a copy of the public key for the user or device. A CA can be a trusted third party, such as
VeriSign, or a private (in-house) CA that you establish within your organization.
This chapter includes the following sections:
• Public Key Cryptography
• Certificate Configuration
Public Key Cryptography
This section includes the following topics:
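• About Public Key Cryptography
• Certificate Scalability
• About Key Pairs
• About Trustpoints
• About Revocation Checking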
About Public Key Cryptography
Digital signatures, enabled by public key cryptography, provide a means to authenticate devices and
users. In public key cryptography, such as the RSA encryption system, each user has a key pair
containing both a public and a private key. The keys act as complements, and anything encrypted with
one of the keys can be decrypted with the other.
In simple terms, a signature is formed when data is encrypted with a private key. The signature is
attached to the data and sent to the receiver. The receiver applies the public key of the sender to the data.
If the signature sent with the data matches the result of applying the public key to the data, the validity
of the message is established.
This process relies on the receiver having a copy of the public key of the sender and a high degree of
certainty that this key belongs to the sender, not to someone pretending to be the sender.
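The sign-and-verify flow described above, as an added example that is not part of the Cisco guide. It assumes textbook RSA over a SHA-256 digest with no padding, and the keys (built from small Mersenne primes) and the message are constructed for illustration and far too weak for real use.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build a toy RSA key pair from two primes (constructed, not secure)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public key, private key)

def digest(data, n):
    # Hash the data and reduce it into the range of the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    n, d = private_key
    return pow(digest(data, n), d, n)   # transform the digest with the private key

def verify(data, signature, public_key):
    n, e = public_key
    # Apply the public key to the signature and compare with the data's digest.
    return pow(signature, e, n) == digest(data, n)

# Constructed keys: the real sender and someone pretending to be the sender.
SENDER_PUB, SENDER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**19 - 1, 2**89 - 1)

def demo():
    msg = b"config update from device fw-01"      # constructed message
    sig = sign(msg, SENDER_PRIV)
    forged = sign(msg, IMPOSTOR_PRIV)
    return {
        # Untouched data checked with the sender's public key.
        "genuine": verify(msg, sig, SENDER_PUB),
        # Data altered in transit no longer matches the signature.
        "tampered": verify(b"config update from device fw-99", sig, SENDER_PUB),
        # An impostor's signature fails against the real sender's key...
        "forged_vs_sender_key": verify(msg, forged, SENDER_PUB),
        # ...but passes if the receiver was handed the impostor's key instead.
        "forged_vs_impostor_key": verify(msg, forged, IMPOSTOR_PUB),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The last check is the case the paragraph above warns about: the arithmetic succeeds for whichever public key the receiver holds, so the receiver needs assurance of who owns that key.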
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Chapter 12