Specifications

A31003-H3580-M103-2-76A9, 01-2009
HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
9-31
For internal use only
Technical Concepts
SSL and VPN
start and end of certificate validity,
a serial number,
the name of the certification authority.
Before data is transferred in secure mode, the certificates of the data sender and recipient are
exchanged and checked. If necessary, session keys are now negotiated. Only then is the user
data transferred.
People who send data can generate their own certificates (self-signed). If these do not offer a
sufficient level of trustworthiness, certificates that were generated (signed) by an independent,
well-known and trustworthy authority can be used. Certification authorities (CAs) are created
for this purpose. Examples of public CAs include universities, publishing companies, and authorities.
CA hierarchies can be formed. In this way, CA certificates may be generated by superior CAs.
The certificate generated by a university may have been generated, for example, by a state certification authority.
An environment in which certificates and their owners are centrally managed is known as a Public Key Infrastructure (PKI). Certificates are issued by CAs. You can create a PKI in
HG 1500 to facilitate certificate management. You can use the PKI to set up servers for the central storage of the certificates and certificate revocation lists configured in the VPN.
Different certificates are used for the SSL and VPN functions in HG 1500, depending on the
task at hand. The certificates used and their descriptions are listed below.
CA Certificate
Certificate generated by a certification authority (CA). A CA certificate can be either self-signed or CA-signed. The CA is the highest trust center for a self-signed CA certificate. The
CA is part of a CA hierarchy for a CA-signed CA certificate.
In the HG 1500, the lightweight CA certificate and the certificate used for SSL certificate generation are self-signed CA certificates. The lightweight CA of the HiPath 3000/5000 V8 - HG 1500 V8 is
always a root certification authority (CA). Intermediate certification authority functions are
not supported.
Self-Signed Certificates
The subject and issuer are identical in the case of a self-signed certificate. There is no
higher trust center. CA certificates can also be self-signed.
CA-signed certificates
Unlike self-signed certificates, these certificates have been signed by a CA. CA certificates
can also be CA-signed (CA hierarchy).
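The three certificate types above (and the pre-transfer certificate check described earlier) can be modelled with the Go standard library's crypto/x509 package. The following is an added example written for this page; it is not code from the Siemens documentation or from the HG 1500 and does not use its lightweight CA. The names "Example Root CA" and "hg1500.example" are constructed for the demonstration. It creates a self-signed root CA certificate (subject and issuer identical, no higher trust center), issues a CA-signed end-entity certificate from it, and then verifies the end-entity certificate against a list of trusted CA certificates: the check succeeds when the root is trusted, fails when it is not, and fails when the validity period has elapsed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newRootCA builds a self-signed root CA certificate: the template is also
// the parent, so subject == issuer and the CA is its own (highest) trust center.
// Subject name is a constructed example value.
func newRootCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // serial number carried in the certificate
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),     // start of validity
		NotAfter:              time.Now().Add(24 * time.Hour), // end of validity
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf builds a CA-signed end-entity certificate for a server name:
// the issuer field is the CA's subject and the signature is made with the CA key.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// isSelfSigned reports whether subject and issuer are identical and the
// certificate's signature verifies under its own public key.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer) && c.CheckSignatureFrom(c) == nil
}

// verifyChainAt checks leaf against the CA certificates the verifier has chosen
// to trust, at the given point in time. A CA not in the list is an unknown
// authority; a time outside NotBefore..NotAfter is an expired or not-yet-valid
// certificate. Either condition is a verification failure.
func verifyChainAt(leaf *x509.Certificate, trusted []*x509.Certificate, name string, at time.Time) error {
	pool := x509.NewCertPool() // empty pool, not the system roots
	for _, c := range trusted {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: name, CurrentTime: at})
	return err
}

func main() {
	ca, caKey, err := newRootCA()
	if err != nil {
		panic(err)
	}
	leaf, err := issueLeaf(ca, caKey, "hg1500.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("root self-signed:", isSelfSigned(ca), " leaf self-signed:", isSelfSigned(leaf))
	fmt.Println("leaf issuer:", leaf.Issuer.CommonName, " serial:", leaf.SerialNumber)
	fmt.Println("trusted CA:   ", verifyChainAt(leaf, []*x509.Certificate{ca}, "hg1500.example", time.Now()))
	fmt.Println("untrusted CA: ", verifyChainAt(leaf, nil, "hg1500.example", time.Now()))
	fmt.Println("after expiry: ", verifyChainAt(leaf, []*x509.Certificate{ca}, "hg1500.example", time.Now().Add(48*time.Hour)))
}
```

The trust decision lives entirely in the list passed to verifyChainAt: importing a CA certificate and marking it trusted is what turns an unknown authority into a trusted CA, and nothing in the leaf certificate itself can substitute for that step.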
Trusted CA Certificates or Trusted Certificates
If a CA is classified as trustworthy by a user after the CA certificate has been imported, it
becomes a trusted CA for that user. For VPN authentication, the HiPath 3000/5000 V8 -