WU-FTPD 2.6.1 release notes (July 2010)

Certificates and Authorities
A certificate is a collection of information that uniquely identifies a client or a server.
It includes descriptive fields, such as the name of an organization and its location, and
cryptographic information, such as keys and signatures.
The private key of an asymmetric key pair can be used to sign content; the signature is
established when it is decrypted with the matching public key, and it can be used to offer
proof of identity. The public key infrastructure (PKI) uses a hierarchy of trustworthiness
for the validation of identities, in addition to signing certificates and keys. This is in
contrast to the web of trust used in Pretty Good Privacy (PGP), which has no central
authority.
The central authority in a PKI issues a Certificate Authority (CA), a definitive certificate
that contains the information and the public key of the server. This CA can be used to
sign other certificates, by signing the public key of a requesting body, such as your
server, with the private key. The trust in identity is transitive, because the CA is
recognized by all the involved parties as authoritative: "I trust the CA, and the CA says
that it is you, so it must be true."
Certificates can be revoked because of expiration or a security compromise. To do this,
the issuing body provides a certificate revocation list (CRL) that identifies the certificates
to be invalidated. This list is also trusted because strong proof is provided through the
same trust mechanisms.
Certificates are available in different formats, though Privacy Enhanced Mail (PEM) is
the most widely used format. The PEM encoding is an ASCII text representation of the
binary data in the ASN.1 format. The X.509 standard defines the distinguished name
(DN) format used in these certificates.
A certificate contains the following information that accompanies the cryptographic
keys:
- Common name (CN) being certified
- Organization (O) associated
- Organizational unit (OU), such as a department within an organization
- City or location (L) where an organization is located
- State or province (SP) where the city is located
- Country (C) in the International Organization for Standardization (ISO) format
  (such as U.S.)
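As an added worked example (not code from the original document): the DN fields listed above encoded as a DER X.509 Name, wrapped in PEM armor, and parsed back, using only the Python standard library. The sample DN values and the BEGIN/END label are constructed for this example; a bare Name has no standard PEM label.

```python
import base64

# DER-encoded X.520 OIDs for the DN fields in the text (all 2.5.4.x); X.509 uses "ST" for state/province.
OIDS = {"CN": b"\x55\x04\x03", "C": b"\x55\x04\x06", "L": b"\x55\x04\x07",
        "ST": b"\x55\x04\x08", "O": b"\x55\x04\x0a", "OU": b"\x55\x04\x0b"}
NAMES = {oid: short for short, oid in OIDS.items()}

def der_len(n):  # definite-form length: one byte below 128, else 0x8k then k big-endian bytes
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, body):  # one DER tag-length-value element
    return bytes([tag]) + der_len(len(body)) + body

def encode_name(rdns):
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF SEQUENCE { type OID, value UTF8String }
    rdn_ders = [tlv(0x31, tlv(0x30, tlv(0x06, OIDS[k]) + tlv(0x0C, v.encode()))) for k, v in rdns]
    return tlv(0x30, b"".join(rdn_ders))

def read_tlv(buf, pos):  # returns (tag, value bytes, offset of the element after this one)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def decode_name(der):  # walks SEQUENCE > SET > SEQUENCE > (OID, string); single-valued RDNs assumed
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    rdns, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)
        _, atv, _ = read_tlv(rdn, 0)
        _, oid, p = read_tlv(atv, 0)
        _, val, _ = read_tlv(atv, p)
        rdns.append((NAMES.get(oid, oid.hex()), val.decode()))
    return rdns

def pem_armor(der, label):  # PEM: base64 of the DER bytes in 64-column lines between markers
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
def pem_unarmor(text):
    return base64.b64decode("".join(l for l in text.splitlines() if not l.startswith("-----")))

# Constructed sample DN (not taken from any real certificate), listed in X.500 order.
SAMPLE_DN = [("C", "US"), ("ST", "New York"), ("L", "Poughkeepsie"),
             ("O", "Example Corp"), ("OU", "FTP Services"), ("CN", "ftp.example.com")]
```

Running `decode_name(pem_unarmor(pem_armor(encode_name(SAMPLE_DN), "X509 NAME")))` returns the same list of (field, value) pairs, which is the round trip a certificate viewer performs on the subject and issuer DNs.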
The DN is a combination of the different certificate information. The PEM-encoded
certificate contains this information along with the DN of the issuer, the validity period
of the certificate, various administration information, such as a serial number of the
certificate, and any other required information, such as Netscape-specific tags. These
certificates are used to establish the identity and trustworthiness of the presenter, such
as a server or a client. These certificates are also used to authenticate the connecting
party and to take appropriate action, such as allowing a connection to proceed, and