243
5. The entity retrieves the certificate. With the certificate, the entity can communicate with other
entities safely through encryption and digital signature.
6. The entity makes a request to the CA when it needs to revoke its certificate. The CA approves
the request, updates the CRLs and publishes the CRLs on the LDAP server or other distribution
points.
PKI applications
The PKI technology can meet the security requirements of online transactions. As an infrastructure,
PKI has a wide range of applications. The following lists some common application examples:
• VPN—A VPN is a private data communication network built on the public communication
infrastructure. A VPN can leverage network layer security protocols (for instance, IPsec) in
conjunction with PKI-based encryption and digital signature technologies for confidentiality.
• Secure email—Emails require confidentiality, integrity, authentication, and non-repudiation.
PKI can address these needs. The secure email protocol that is developing rapidly is S/MIME,
which is based on PKI and allows for transfer of encrypted mails with signature.
• Web security—For Web security, two peers can establish an SSL connection first for
transparent and secure communications at the application layer. With PKI, SSL enables
encrypted communications between a browser and a server. Both of the communication parties
can verify each other's identity through digital certificates.
FIPS compliance
Table 14 shows the support of MSR routers for the FIPS mode that complies with NIST FIPS 140-2
requirements. Support for features, commands, and parameters might differ in FIPS mode (see
"Configuring FIPS") and non-FIPS mode.
Table 14 Hardware and FIPS mode compatibility matrix
Hardware FIPS mode compatibility
MSR900 No
MSR93X No
MSR20-1X No
MSR20 Yes
MSR30 Yes (except the MSR30-16)
MSR50 Yes
MSR1000 Yes
PKI configuration task list
Task Remarks
Configuring an entity DN
Required.
Configuring a PKI domain
Required.
Requesting a PKI certificate
Configuring automatic
certificate request
Required.
Use either method.
Manually requesting a
certificate
To Next Page
Loading...
Need help?
General
