Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
0
Helpful
1
Replies

certificate authority and certificate.

Go to solution
sarahr202
Level 5
Level 5

‎06-15-2013 12:59 AM

Hi everybody

Please consider the following example:

R1------------------------CA---------------------------R2

We want R1 to get the certificate from Ca so R1 can use it to authenticate itself to R2. Similarly R2 wants to get its own certificate so it can authenticate itself to R1.

Both routers are configured to trust CA.

Before CA can issue certificates to R1 and R2 which they can use to authenticate each other, CA sends its own certificate which has its own (CA) public key, and CA signature.  The video lecture I was watching says CA creates this signature , encrypts its own private key and attaches it to the certificate.

When R1 receives this certificate, R1 uses  CA's public key to decrypt it.

In order for R1 to prove that certificate did come from CA not some impostor, It should know what was the signature before it was encrypted by CA using its private key and sending it  to R1 ,so when R1 receives it and decrypts it with CA's public key it will be to compare and  thus can be sure Certificate came from legit CA.

The question is how does R1 know the signature prior to receiving certificate from CA?

Thanks and have a great day.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
malshbou
Level 1
Level 1

‎06-15-2013 02:05 AM

A certificate signature is created by applying a hash algorithm over the certificate contents , then encrypting the resulted hash. so for R1 to know and verify the signature, it computes the hash of the received certificate (by a hash algorithm mentioned in the cert) , decrypt the signature, then compares both computed hash and decrypted signature which must be equal.

Hope this helps.

------

Regards.
Mashal Alshboul

------------------ Mashal Shboul

View solution in original post

0 Helpful
1 Reply 1

Go to solution
malshbou
Level 1
Level 1

‎06-15-2013 02:05 AM

A certificate signature is created by applying a hash algorithm over the certificate contents , then encrypting the resulted hash. so for R1 to know and verify the signature, it computes the hash of the received certificate (by a hash algorithm mentioned in the cert) , decrypt the signature, then compares both computed hash and decrypted signature which must be equal.

Hope this helps.

------

Regards.
Mashal Alshboul

------------------ Mashal Shboul
0 Helpful
Customers Also Viewed These Support Documents