WU-FTPD 2.6.1 Release Notes for HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3

keys. This is in contrast to the web of trust used in Pretty Good Privacy (PGP), which
has no central authority.
The central authority in a PKI issues a Certificate Authority (CA), a definitive certificate
that contains the information and the public key of the server. This CA can be used to
sign other certificates, by signing the public key of a requesting body, such as your
server, with the CA's private key. The trust in identity is transitive, because the CA is
recognized by all the involved parties as authoritative: "I trust the CA, and the CA says
that it is you, so it must be true."
Certificates can be revoked because of expiration or a compromise in security. To do this,
the issuing body provides a certificate revocation list (CRL) that identifies the certificates
to be invalidated. The CRL is also trusted because strong proof is provided through the
trust mechanisms.
Certificates are available in different formats, though Privacy Enhanced Mail (PEM) is
the most widely used format. The PEM encoding is an ASCII text representation of the
binary data in the ASN.1 format. The X.509 standard defines the distinguished name
(DN) format used in these certificates.
A certificate contains the following information that accompanies the cryptographic
keys:
• Common name (CN) being certified
• Organization (O) associated
• Organizational unit (OU), such as a department within an organization
• City or location (L) where an organization is located
• State or province (SP) where the city is located
• Country (C) in the International Organization for Standardization (ISO) format
  (such as U.S.)
The DN is a combination of the different certificate information. The PEM-encoded
certificate contains this information along with the DN of the issuer, the validity period
of the certificate, various administration information, such as a serial number of the
certificate, and any other required information, such as Netscape-specific tags. These
certificates are used to establish the identity and trustworthiness of the presenter, such
as a server or a client. These certificates are also used to authenticate the connecting
party and to take appropriate action, such as allowing a connection to proceed,
mail relaying, or entry into a network. You can either use commercial TLS/SSL
certificates (certs) to verify the identity of the WU-FTPD 2.6.1 server, or create your
own certificates for the WU-FTPD 2.6.1 servers.
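
The following is an added example, not part of these release notes: it uses the openssl command-line tool (assumed to be installed) to create a test CA, sign a server certificate with the CA's key, verify the chain, print the subject and issuer DNs, and confirm that the PEM file is the base64 text form of the DER-encoded ASN.1 certificate. The names Example Corp, Example Test CA and ftp.example.com are constructed, and configuring WU-FTPD to use the resulting files is not shown.

```shell
#!/bin/sh
# Added example; every name in the DN below is constructed for illustration.
# The DN uses the attribute types listed above; openssl spells
# "state or province" as ST.
DN_BASE="/C=US/ST=California/L=Palo Alto/O=Example Corp/OU=IT"

# Create a self-signed CA certificate and key in directory $1.
# -nodes leaves the private key unencrypted: acceptable for a throwaway test CA only.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/ca.key" -out "$1/ca.pem" \
        -subj "$DN_BASE/CN=Example Test CA" 2>/dev/null
}

# Issue a server certificate for common name $2, signed with the CA key in $1.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/server.key" \
        -out "$1/server.csr" -subj "$DN_BASE/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# Succeed if the base64 body of PEM file $1 decodes to the same bytes as
# the certificate's binary (DER-encoded ASN.1) form.
pem_body_is_der() {
    openssl x509 -in "$1" -outform DER -out "$1.der" &&
    sed '/^-----/d' "$1" | openssl base64 -d | cmp -s - "$1.der"
}

# Print the subject or issuer DN of certificate $1 ($2 is -subject or -issuer).
cert_dn() {
    openssl x509 -in "$1" -noout "$2" -nameopt RFC2253
}

demo=$(mktemp -d)
make_ca "$demo" && issue_server_cert "$demo" ftp.example.com
# Chain check: the server certificate must verify against the CA certificate.
openssl verify -CAfile "$demo/ca.pem" "$demo/server.pem"
cert_dn "$demo/server.pem" -subject
cert_dn "$demo/server.pem" -issuer
# Validity period and serial number, as described in the text above.
openssl x509 -in "$demo/server.pem" -noout -dates -serial
pem_body_is_der "$demo/server.pem" && echo "PEM body is base64 of the DER"
```
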