HP LaserJet Enterprise MFP - CA Certificates for commercial Email services (white paper)
anything encrypted with the public key can only be decrypted with the private key, and b) a
signature produced with the private key can only be verified with the matching public key.
(Describing the second property as "encrypting with the private key" is a simplification that
fits textbook RSA; signature algorithms such as ECDSA do not encrypt anything, but the property
that matters here, that only the holder of the private key can produce a signature the public
key accepts, holds for all of them.)
The public/private key pair is what allows a CA certificate to validate an identity
certificate. When a CA issues a certificate, it computes a cryptographic hash of the
certificate's to-be-signed fields (subject, issuer, validity dates, the subject's public key,
extensions) and signs that hash with its private key. The signature is appended to the
unsigned fields, and the result is the signed certificate that is issued to the entity
identified in the Subject field.
Because the signature can only be verified with the public key matching the private key that
produced it, it binds the certificate contents to the CA that vouched for them. Specifically, a
verifier recomputes the hash of the to-be-signed fields and checks the signature over that hash
with the CA's public key. If the check passes, the verifier knows that the CA signed exactly
this data and that none of it has changed since. Note what the check does not prove: it says
nothing about whether the data is correct beyond the fact that the CA attested to it, which is
why the trustworthiness of the CA, and the client's decision to trust it, matter.
Thus a certificate's validity is created and checked in the following steps:
1) A Certificate Authority (CA) verifies information (subject name, validity dates, intended
usage, etc.) about the server requesting an identity certificate. The request carries the
server's public key; the matching private key stays on the server.
2) The CA signs the certificate by hashing the certificate fields and signing the hash with its
private key, attaching the signature to the certificate. The (identity) certificate is provided
to the server.
3) The CA certificate, which contains the CA's public key, is made publicly available.
4) The identity certificate is presented by the server to any client that would like to verify
the identity of the server.
5) The client examines the Issuer field of the certificate to determine the CA that issued
the certificate.
6) The client, having previously acquired the issuer's CA certificate and decided to trust it,
verifies the signature on the identity certificate with the CA's public key: it recomputes the
hash of the certificate's unsigned fields and checks that the signature matches. A match
establishes that the certificate is genuine and has not been altered. A careful client also
checks that the current time falls within the validity dates, that the name in the certificate
matches the server it is connecting to, that the key usage fits the purpose (for example,
server authentication), and, where the information is available, that the certificate has not
been revoked. A valid signature from a CA the client does not trust proves nothing useful.
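The six steps above as an added, runnable example in Go using only the standard library. This code is not from the HP white paper or from any HP product; the CA name "Example Root CA", the server name "smtp.example.com" and the choice of ECDSA P-256 keys are assumptions made for the illustration. BuildChain plays the CA (steps 1 to 3), VerifyServerCert plays the client (steps 5 and 6, plus the trust, validity, hostname and key-usage checks a real client adds), and Tamper shows why the signature check in step 6 catches an altered certificate. The example goes slightly beyond the steps by also rejecting a certificate presented for the wrong hostname and one checked against a CA the client does not trust.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Illustrative names; assumed for this example, not taken from the white paper.
const caName, serverName = "Example Root CA", "smtp.example.com"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildChain plays the CA in steps 1-3: it creates a self-signed CA certificate and
// issues an identity certificate for the server. Both come back DER-encoded.
func BuildChain() (caDER, serverDER []byte) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	notBefore := time.Now().Add(-time.Hour)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Self-signed: the template is its own parent and is signed with its own key.
	caDER = must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	caCert := must(x509.ParseCertificate(caDER))
	serverKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serverTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Step 2: the CA hashes the to-be-signed fields and signs the hash with caKey.
	serverDER = must(x509.CreateCertificate(rand.Reader, serverTmpl, caCert, &serverKey.PublicKey, caKey))
	return caDER, serverDER
}

// VerifyServerCert plays the client in steps 5-6 and adds the checks those steps leave implicit.
func VerifyServerCert(serverDER, trustedCADER []byte, hostname string) error {
	server, err := x509.ParseCertificate(serverDER)
	if err != nil {
		return fmt.Errorf("parse identity certificate: %w", err)
	}
	ca, err := x509.ParseCertificate(trustedCADER)
	if err != nil {
		return fmt.Errorf("parse CA certificate: %w", err)
	}
	// Step 6: recompute the hash of the to-be-signed bytes and check the signature
	// with the issuer's public key. Any change to those bytes fails here.
	if err := server.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("signature does not verify under %q: %w", ca.Subject.CommonName, err)
	}
	// A good signature only proves the CA signed these bytes. The client must also
	// trust that CA, and check validity dates, hostname and key usage.
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = server.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   hostname,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Tamper returns a copy of the DER with one byte of the subject name changed.
// The certificate still parses; only the signature check exposes the edit.
func Tamper(der []byte) []byte {
	out := append([]byte(nil), der...)
	if i := bytes.Index(out, []byte(serverName)); i >= 0 {
		out[i] ^= 0x01
	}
	return out
}

func main() {
	caDER, serverDER := BuildChain()
	fmt.Println("genuine:", VerifyServerCert(serverDER, caDER, serverName))
	fmt.Println("tampered:", VerifyServerCert(Tamper(serverDER), caDER, serverName))
	fmt.Println("wrong host:", VerifyServerCert(serverDER, caDER, "other.example.com"))
}
```

The order of checks in VerifyServerCert mirrors the text: the signature is checked first, against the public key taken from the CA certificate the client already holds, and the trust decision (Roots), validity window, hostname and key usage are checked afterwards by Verify. A certificate whose signature is good but whose issuer is absent from the client's trust store fails at that second stage, which is the situation an HP device is in until the right CA certificate has been installed on it.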