Policy Manager - My Certificates
Issue 4 May 2005 239
Figure 78: Issuer Certificates
Explanation for Figure 78:
1. A Certificate Request from VSU A is sent to a PKI System to be signed.
2. The PKI uses the Certificate Request to create a Signed Certificate specifically for VSU A. The Signed Certificate is then stored on VSU A.
3. Every target of VSU A must have VSU A's Signed Certificate.
Note: The target uses an Issuer Certificate to authenticate VSU A's Signed Certificate. The Issuer Certificate must be from the same PKI which created VSU A's Signed Certificate.
Installing an issuer certificate
Use the Policy Manager for installing Issuer Certificates in a specific VSU. The VSU then uses
the Issuer Certificate to authenticate certificates received from other VSUs.
The process is explained in Figure 78.
To install an Issuer Certificate into a VSU (target):
1. Get an Issuer Certificate from a PKI System. Use the same PKI System that created the Signed Certificate.
2. The PKI System must use the Distinguished Encoding Rules (DER) format for creating the Issuer Certificate. Figure 79 shows what a certificate looks like (its body has been shortened for the example).
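A pre-install check for steps 1 and 2, added here as an example and not taken from the product or its documentation: it normalizes a certificate to strict DER (converting PEM if needed) and confirms that the Signed Certificate's issuer name equals the Issuer Certificate's subject. All function names are hypothetical, the sample certificates are constructed unsigned skeletons, and the name match does not verify the signature.

```python
import base64

PEM_HEAD, PEM_FOOT = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"

def read_tlv(buf, off):                      # -> (tag, value_start, value_end)
    tag, first = buf[off], buf[off + 1]
    if first == 0x80:                        # indefinite length is BER, not DER
        raise ValueError("indefinite length: not DER")
    n = first & 0x7F if first > 0x80 else 0  # long form: n length bytes follow
    start = off + 2 + n
    length = int.from_bytes(buf[off + 2:start], "big") if n else first
    if start + length > len(buf):
        raise ValueError("truncated element")
    return tag, start, start + length

def to_der(data):                            # accept PEM or DER bytes, return DER
    text = data.strip()
    if text.startswith(PEM_HEAD) and text.endswith(PEM_FOOT):
        data = base64.b64decode(text[len(PEM_HEAD):-len(PEM_FOOT)])
    tag, _, end = read_tlv(data, 0)
    if tag != 0x30 or end != len(data):      # one SEQUENCE spanning the whole file
        raise ValueError("not a single DER-encoded certificate")
    return data

def issuer_and_subject(der):                 # raw Name encodings from tbsCertificate
    _, off, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    _, off, _ = read_tlv(der, off)           # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, off)
    if tag == 0xA0:                          # optional [0] version field
        off = end
    fields = []
    for _ in range(5):                       # serial, sigAlg, issuer, validity, subject
        _, _, end = read_tlv(der, off)
        fields.append(der[off:end])
        off = end
    return fields[2], fields[4]

def same_pki(signed_cert, issuer_cert):
    """Name check only (no signature verification): issuer field == issuer cert's subject."""
    return issuer_and_subject(to_der(signed_cert))[0] == issuer_and_subject(to_der(issuer_cert))[1]

def tlv(tag, value):                         # short-form encoder for the constructed samples
    return bytes([tag, len(value)]) + value

def sample_cert(issuer_cn, subject_cn):      # constructed, unsigned certificate skeleton
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

For example, `same_pki(sample_cert(b"Example PKI", b"VSU A"), sample_cert(b"Example PKI", b"Example PKI"))` is true, while an issuer certificate from a different PKI name fails the check.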
[Figure 78 diagram labels: VSU A, WAN, VSU B, PKI, Target of VSU A; numbered steps 1 to 4. Callout: Targets use Issuer Certificates to authenticate Signed Certificates they receive. The Issuer Certificate must be from the same PKI System that created the Signed Certificate. Issuer Certificates are stored on targets.]