TD 92685EN
28 June 2012 / Ver. A
Troubleshooting Guide
Ascom i62 VoWiFi Handset
Appendix C: Digital Certificates
TLS is a security mechanism based on cryptography (see 4.1.3 Cryptography) and is used
for encrypting communications between users and TLS-based Websites. The encryption
prevents eavesdropping and tampering with any transmitted data.
TLS operates on the OSI Model Level 5 and uses PKI (see Appendix C.1).
C.1 Public Key Infrastructure
Public Key Infrastructure (PKI) is a component of Public Key Cryptography (PKC) that uses:
• Public Key Certificates, see Appendix C.1.1.
• Certificate Authorities, see Appendix C.1.2.
C.1.1 Public Key Certificates (Digital Certificates)
Public Key Certificates are used for key exchange and authentication. They are simply
electronic documents (files) that incorporate a digital signature to bind together a public
key with an identity (information such as the name of a person or organization, their
address, and so forth).
The signature may be made by a trusted entity called a Certificate Authority or
Certification Authority (CA), see Appendix C.1.2.
The most common use of public key certificates is for TLS certificates (https websites).
C.1.2 Certificate Authorities
A CA is a trusted entity which issues public key certificates. The certificates contain a public
key and the identity of the owner. The CA asserts that the public key belongs to the owner,
so that users and relying parties can trust the information in the certificate.
A Certificate Signing Request (CSR) or Certification Request is a message that is generated
and sent to a CA to apply for a TLS certificate. Before the CSR is created, a key pair is
generated and the private key is kept secret. The CSR will contain the corresponding public key
and information identifying the applicant (such as distinguished name). The private key is
not part of the CSR but is used to digitally sign the entire request. Other credentials may
accompany the CSR.
If the request is successful, the CA will send back an identity certificate that has been
digitally signed with the CA’s private key.
A CSR is valid for the server where the certificate will be installed.
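The CSR steps described above, as an added example that is not part of the original guide. It uses the OpenSSL command line; the subject name, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Subject, file and function names are constructed.

# make_csr DIR SUBJECT: generate a key pair, then a CSR for SUBJECT.
make_csr() {
    dir=$1; subj=$2
    # 1. Key pair first. umask 077 keeps the private key readable by its owner only;
    #    the key never leaves this machine.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/server.key" 2>/dev/null ) || return 1
    # 2. The CSR carries the public key and the distinguished name,
    #    and is signed with the private key.
    openssl req -new -key "$dir/server.key" -subj "$subj" \
        -out "$dir/server.csr" 2>/dev/null
}

# csr_self_signature_ok CSR: the request's signature verifies against the public
# key inside it, i.e. the applicant holds the private key. The output text is
# matched because the exit status on failure differs between OpenSSL releases.
csr_self_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_matches_key CSR KEY: the public key in the CSR is the one derived from KEY.
# Run this before installing the certificate the CA sends back.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Demo with a constructed server name.
work=$(mktemp -d)
make_csr "$work" "/CN=vowifi-server.example.test/O=Example Org"
csr_self_signature_ok "$work/server.csr" && echo "CSR self-signature: OK"
csr_matches_key "$work/server.csr" "$work/server.key" && echo "CSR public key matches private key"
openssl req -in "$work/server.csr" -noout -subject
# Only server.csr is sent to the CA; server.key stays on the server.
grep -c "PRIVATE KEY" "$work/server.csr" || true   # count of private-key markers in the CSR
rm -rf "$work"
```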
C.2 Cryptography
Cryptography is the encoding of messages to render them unreadable by anyone other than
their intended recipient(s). Modern cryptography uses complex algorithms implemented on
modern computer systems.
Cryptography tasks can be divided into the two general categories Encryption and
Authentication.
C.2.1 Encryption
Encryption is the scrambling of information so that the original message cannot be
determined by unauthorized recipients by applying an encryption algorithm to the message
plaintext producing ciphertext (apparently random bits). A decryption algorithm, if given