CDP—CRL distribution point. Field within a digital certificate containing information that describes how to retrieve the CRL for the certificate. The most common CDPs are HTTP and LDAP URLs. A CDP may also contain other types of URLs or an LDAP directory specification. Each CDP contains one URL or directory specification.
certificates—Electronic documents that bind a user’s or device’s name to its public key. Certificates are commonly used to validate a digital signature.
CRL—certificate revocation list. Electronic document that contains a list of revoked certificates. The CRL is created and digitally signed by the CA that originally issued the certificates. The CRL contains dates for when the certificate was issued and when it expires. A new CRL is issued when the current CRL expires.
CA—certification authority. Service responsible for managing certificate requests and issuing certificates to participating IPSec network devices. This service provides centralized key management for the participating devices and is explicitly trusted by the receiver to validate identities and to create digital certificates.
peer certificate—Certificate presented by a peer, which contains the peer’s public key and is signed by the trustpoint CA.
PKI—public key infrastructure. System that manages encryption keys and identity information for components of a network that participate in secured communications.
RA—registration authority. Server that acts as a proxy for the CA so that CA functions can continue when the CA is offline. Although the RA is often part of the CA server, the RA could also be an additional application, requiring an additional device to run it.
RSA keys—Public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. An RSA key pair (a public and a private key) is required before you can obtain a certificate for your router.