OCS Exposed – Inside Digital Certificates

March 18, 2008
This tutorial reviews the CA-Certificate Authority, which is responsible for issuing, distributing and revoking certificates. PKI-Public Key Infrastructure is a two-key asymmetric system: messages are encrypted with a public key and decrypted with a private key. Symmetric (private) key systems use one key for both encryption and decryption. While implementations are not necessarily compatible, the main purpose of PKI is to provide interoperability across vendors, systems and networks. Both public and private CAs exist.
 
The tutorial explains the details of digital certificates. Here are the highlights:
- Inside an X.509 certificate (example only): The CSP-Certificate Statement Practice is the document which determines the contents of the certificate. Certificate revocation is the process of terminating a certificate before it expires. The owner of the certificate can revoke a certificate at any time via OCSP-Online Certificate Status Protocol or the CRL-Certification Revocation List, which is updated hourly, daily, etc. and is distributed to the PKI-Public Key Infrastructure.
- RA-Registration Authority - off-loads from CA - accepts registrations, distributes keys, validates identities
- LRA-Local RA - establishes identity of individual
- Four types of Trust Models in PKI-Public Key Infrastructure:
  - Hierarchical
  - Bridge
  - Hybrid
  - Mesh
Office Communications Server can be deployed with many components installed on the same physical server in smaller environments where few servers are required, or it can be scaled out. Communications between federated organizations are encrypted, and identity is verified, using certificates. When communications occur between two organizations deploying Office Communications Server, these communications are encrypted end-to-end. Two of the common CA troubleshooting issues are:
- Missing or incorrect parameters (SN/SAN)
- Certificate chain/root certificate missing
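
The two troubleshooting issues listed above can be checked mechanically. The following is an added example, not code from the original tutorial or from Office Communications Server; the function names, the `contoso.example` host names and the sample CA names are assumptions made for illustration.

```python
# Added example: certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().
# All names and certificates below are constructed sample values.

def dn(common_name):
    """Build a one-RDN distinguished name in getpeercert() layout."""
    return ((("commonName", common_name),),)

def cn_of(name):
    """Return the commonName of a distinguished name, or None."""
    return next((v for rdn in name for k, v in rdn if k == "commonName"), None)

def uncovered_names(cert, required_fqdns):
    """Issue 1: required FQDNs that are neither the subject CN nor a DNS SAN entry.
    Assumption: exact, case-insensitive match; wildcards are not handled."""
    covered = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    covered.add((cn_of(cert["subject"]) or "").lower())
    return sorted(n.lower() for n in required_fqdns if n.lower() not in covered)

def first_missing_issuer(chain, trusted_root_subjects):
    """Issue 2: walk a leaf-first chain by issuer/subject name only (signatures are
    not verified). Return the CN of the first issuer that is neither the next
    certificate in the chain nor a trusted root, or None if the chain is complete."""
    if not chain:
        raise ValueError("empty chain")
    for cert, parent in zip(chain, chain[1:] + [None]):
        if cert["issuer"] in trusted_root_subjects:
            return None
        if parent is None or parent["subject"] != cert["issuer"]:
            return cn_of(cert["issuer"])

ROOT = {"subject": dn("Sample Root CA"), "issuer": dn("Sample Root CA")}
ISSUING = {"subject": dn("Sample Issuing CA"), "issuer": dn("Sample Root CA")}
EDGE = {
    "subject": dn("pool01.contoso.example"),
    "issuer": dn("Sample Issuing CA"),
    "subjectAltName": (("DNS", "pool01.contoso.example"), ("DNS", "sip.contoso.example")),
}
REQUIRED = ["pool01.contoso.example", "sip.contoso.example", "edge.contoso.example"]

if __name__ == "__main__":
    print("names not covered:", uncovered_names(EDGE, REQUIRED))
    print("full chain:", first_missing_issuer([EDGE, ISSUING], {ROOT["subject"]}))
    print("intermediate not sent:", first_missing_issuer([EDGE], {ROOT["subject"]}))
    print("root not installed:", first_missing_issuer([EDGE, ISSUING], set()))
```

A non-empty result from `uncovered_names` corresponds to the SN/SAN issue; a non-`None` result from `first_missing_issuer` names the CA certificate that has to be installed or sent.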
If you want to know more, this information is also part of OCS-101 and SIP Essentials 2.0c, available in the onsite and online courses. The online version is $299 for SIP 2.0c and $499 as part of the OCS-101 Office Communications Server online version, per person, or less with discounts. For more information, go to http://www.techtionary.com or please call Tom Cross at 303-594-1694 or email cross@gocross.com. Discounts are also available to members of the SIP Forum.
 

