C H A P T E R 3 Keys and Certificates
3-15
4. Save the configuration when the server has been mapped.
Intel 7115> config save
Saving configuration to flash...
Configuration saved to flash
Intel 7115>
Global Site Certificates
Overview
Four types of certificates are involved in the following discussion:
• Root Certificate. The certificate of a trusted CA such as VeriSign.
• Server Certificate. Loaded on the server. Can be either self-
generated or received from a certificate authority such as
VeriSign. Interacts with requesting browser’s root certificate to
establish encryption level.
• Global Site Certificate. An extended server certificate. Allows
128-bit encryption for export-restricted browsers.
• Intermediate certificate authority (CA) Certificate. A certificate
“signed,” that is, authenticated, by a recognized certificate
authority such as VeriSign, and used to validate a global site
certificate. Called an “intermediate CA certificate” in the
following discussion.
Export versions of Internet Explorer§ and Netscape§ Communicator
use 40-bit encryption to initiate connections to SSL servers. Upon
receiving a client request, the server responds by sending a digital
certificate. If this certificate is a conventional server certificate (that
is, not a global site certificate), browser and server complete the SSL
handshake and use a 40-bit key to encrypt application data. If the
server responds to a requesting browser with a global site certificate,
the client automatically renegotiates the connection to use 128-bit
encryption.