CERTIFICATES AND PKI
PKI, or Public Key Infrastructure, is a cryptographic system based on asymmetric
cryptography. It uses signature mechanisms to certify public keys (by associating a key with
a user), which allows messages and traffic to be encrypted and signed in order to ensure
confidentiality, authentication, integrity and non-repudiation.
The Stormshield Network PKI allows generating and issuing certificate authorities (CAs) as well as
certificates. These contain a key pair associated with information that may belong to a user, a
server, etc. The aim of Stormshield Network’s PKI is to authenticate these elements.
For the use of the SSL VPN feature, the CA (certificate authority) “SSL VPN-full-default-authority”
includes a server certificate “openvpnserver” and a user certificate “openvpnclient”. This allows
the client and the Stormshield Network firewall’s SSL VPN service to identify each other without
relying on an external authority.
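The arrangement described above, a private CA that issues both the server and the user certificate so that each side can verify the other, is reproduced here with the OpenSSL command line as an added example; it is not Stormshield's implementation and not code from this manual. Only the names openvpnserver and openvpnclient come from the text: the CA name demo-sslvpn-authority, the file layout, the key sizes and the serverAuth/clientAuth extended key usages are assumptions, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example with constructed names; only "openvpnserver" and
# "openvpnclient" come from the manual. The EKU values are an assumption.

# issue_cert DIR NAME EKU: new key pair and CSR for NAME, signed by the CA in DIR.
issue_cert() {
    d=$1; name=$2; eku=$3
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=$name" -keyout "$d/$name.key" -out "$d/$name.csr" \
        2>/dev/null || return 1
    # The extension file decides which role the certificate may be used in.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$eku" \
        > "$d/$name.ext"
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/$name.ext" \
        -out "$d/$name.pem" 2>/dev/null
}

# build_pki DIR: self-signed private CA plus one server and one user certificate.
build_pki() {
    d=$1
    mkdir -p "$d" || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=demo-sslvpn-authority' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    issue_cert "$d" openvpnserver serverAuth || return 1
    issue_cert "$d" openvpnclient clientAuth
}

# check_cert CAFILE CERT PURPOSE: succeeds only if CERT chains to CAFILE and
# is valid for PURPOSE (sslserver or sslclient).
check_cert() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# Demo: each certificate is accepted only in its own role.
demo=$(mktemp -d) && build_pki "$demo" && for p in sslserver sslclient; do
    for c in openvpnserver openvpnclient; do
        check_cert "$demo/ca.pem" "$demo/$c.pem" "$p" && r=accepted || r=rejected
        echo "$c as $p: $r"
    done
done
rm -rf "$demo"
```

A certificate issued by a different CA fails the same check even when that CA carries an identical name, because trust rests on the CA's key rather than on its subject.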
The window of the Certificates and PKI module consists of 3 sections:
- At the top of the screen, the different operations possible in the form of a search bar and
  buttons.
- On the left, the list of authorities and certificates.
- On the right, details concerning the authority or certificate selected earlier in the list on the left,
  as well as the information concerning the CRL and the configuration of the CA or sub-CA.
Possible operations
Search bar
Enter the name of the particular certificate or CA you are looking for if it exists.
The search field will list all certificates and CAs with names that correspond to the keywords
entered.
Example:
If you type “a” in the search bar, the list below it will show all certificates containing an “a”.
Filter
This button allows you to select the type of certificate to display and to view only items that are
relevant to you. A drop-down menu will offer you the following choices:
All: represented by its own icon, this option displays all existing authorities and
certificates in the list on the left.
Certificate authorities: represented by its own icon, this option displays all existing
authorities and sub-authorities in the list on the left.
User certificates: represented by its own icon, this option displays only user certificates
and the CA that they depend on.
Server certificates: represented by its own icon, this option displays only server
certificates and the CA that they depend on.
Smartcard certificates: represented by its own icon, this option displays only Smartcard
certificates and the CA that they depend on.
Page 64/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3