Public Key Cryptography and Digital Certificates

A central fixture of a PKI is an information protection method called public key cryptography. This cryptographic system uses two mathematically related keys, known as a key pair. One key, the private key, is kept secret by the owner of the key. The other key, known as the public key, may be distributed far and wide by its owner. The keys in the key pair are complementary: only the private key can decrypt information encrypted with the public key, and only the public key can verify information signed with the private key.

The integrity and identity of public keys are maintained using digital certificates. A root certificate, which contains the public key of the CA, is used to verify that the client certificates issued by that CA are valid.

Certificates have a fixed lifetime that is set when they are issued. However, a certificate is sometimes revoked before the expiration date and time that was originally set for it. To keep track of which certificates are no longer valid, the CA maintains an online, up-to-date list of revoked certificates called a certificate revocation list (CRL). Before a certificate is accepted as valid, the CRL is checked to make sure the certificate has not been revoked.
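The three checks described above (the CA's public key verifies what its private key signed, the certificate is inside its fixed lifetime, and its serial number is not on a CA-signed CRL) as an added example, not WatchGuard code. It assumes the third-party `cryptography` package is installed; the CA name, client name and keys are constructed for the demo.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
NOW = datetime.now(timezone.utc)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, pub, issuer, issuer_key, days=365):
    # The issuer's PRIVATE key signs; the lifetime is fixed when the cert is issued.
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
            .public_key(pub).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + timedelta(days=days))
            .sign(issuer_key, hashes.SHA256()))

def build_crl(issuer, issuer_key, revoked_serials):
    # The CA lists the serial numbers it has revoked and signs the list.
    b = (x509.CertificateRevocationListBuilder().issuer_name(issuer)
         .last_update(NOW).next_update(NOW + timedelta(days=1)))
    for s in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(s).revocation_date(NOW).build())
    return b.sign(issuer_key, hashes.SHA256())

def _utc(cert, attr):  # *_utc properties exist in cryptography >= 42; fall back otherwise
    return getattr(cert, attr + "_utc", None) or getattr(cert, attr).replace(tzinfo=timezone.utc)
def validate(cert, root, crl, day_offset=0):  # None if acceptable, else the rejection reason
    now = NOW + timedelta(days=day_offset)
    root_pub = root.public_key()   # the root certificate carries the CA's PUBLIC key
    try:   # only the CA's public key verifies what the CA's private key signed
        root_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                        padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return "signature not made by this CA"
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        return "outside validity period"
    if not crl.is_signature_valid(root_pub):   # trust only a CA-signed CRL
        return "CRL not signed by this CA"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number):
        return "revoked"
    return None

# Constructed demo PKI: a root CA, one client certificate and a rogue issuer.
CA_NAME, ca_key = name("Demo Root CA"), rsa.generate_private_key(65537, 2048)
ROOT = issue(CA_NAME, ca_key.public_key(), CA_NAME, ca_key)
CLIENT = issue(name("client1"), rsa.generate_private_key(65537, 2048).public_key(), CA_NAME, ca_key)
ROGUE = issue(CLIENT.subject, CLIENT.public_key(), CA_NAME, rsa.generate_private_key(65537, 2048))
CRL_REVOKED = build_crl(CA_NAME, ca_key, [CLIENT.serial_number])
```

`validate(CLIENT, ROOT, build_crl(CA_NAME, ca_key, []))` returns None, while the same certificate checked against `CRL_REVOKED` is rejected as "revoked" and `ROGUE`, which claims the same subject and issuer but was signed by a different key, fails the signature check.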

Related topics:

PKI in a WatchGuard VPN

Defining a Firebox as a DVCP Server and CA

Managing the Certificate Authority

Managing certificates from the CA Manager

Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.