3.9. Certificates
3.9.1. Overview
The X.509 Standard
NetDefendOS supports digital certificates that comply with the ITU-T X.509 standard. This
involves the use of an X.509 certificate hierarchy with public-key cryptography to accomplish key
distribution and entity authentication. References in this document to certificates mean X.509
certificates.
When distributed to another party, a certificate performs two functions:
• It distributes the certificate owner's public key.
• It establishes the certificate owner's identity.
A certificate acts as a digital proof of identity. It links an identity to a public key in order to
establish whether a public key truly belongs to the supposed owner. By doing this, it prevents
data transfer interception by a malicious third-party who might post a fake key with the name
and user ID of an intended recipient.
Certificate Components
A certificate consists of the following:
• A public key.
• The "identity" of the user, such as name and user ID.
• Digital signatures that verify that the information enclosed in the certificate has been verified
by a CA.
By binding the above information together, a certificate is a public key with identification
attached, coupled with a stamp of approval by a trusted party.
Certificates in NetDefendOS
A certificate is stored in a NetDefendOS configuration as a Certificate object. There is always one
certificate object already predefined in NetDefendOS which is the self-signed certificate
HTTPSAdminCert and this is sent to the browser when opening a Web Interface session using
HTTPS and is also used with SSL VPN.
A list of installed certificates can be displayed with the Web Interface or CLI. With the CLI, the
command would be:
gw-world:/> show Certificate
Name Type Comments
-------------- ----- --------
HTTPSAdminCert Local <empty>
The HTTPSAdminCert is a pre-installed certificate in NetDefendOS that is used for management
communication using HTTPS. This certificate is "self-signed". To view the properties of this
certificate, use the CLI command:
Chapter 3: Fundamentals
268
To Next Page
Loading...
