
The Certificate Authority - VPN Tutorial

When you open a bank account you have to present a form of ID from a reliable source, such as a passport or driving licence. A Certificate Authority (CA) provides the equivalent form of identity for the internet. Digital signatures are used to build a digital credential, the digital certificate, that authenticates the identity of the party sending data in an IPSec arrangement, and these certificates are issued by CAs such as Verisign.

Verisign issues a certificate to each person or entity and digitally signs it with its own (Verisign's) private key; that signature is what vouches for the authenticity of the user's identity and public key. The certificates are then loaded onto the end users' devices, where they can be verified.

For example, Joe wants to communicate with Carl, so he sends his certificate to Carl. Carl checks the CA signature on the certificate using Verisign's public key, which he already holds in the form of a trusted CA certificate (he does not need to contact Verisign to do this). If the signature checks out and the certificate is valid (within its validity period, not revoked, and issued to the name Carl expects), Carl can assume the public key in the certificate really belongs to Joe. The certificate alone does not prove that a message came from Joe; Joe must also sign the negotiation data with his private key, and Carl verifies that signature with the public key taken from the certificate. Carl then sends his own certificate and Joe checks it the same way. If both certificates are fine and valid, the VPN negotiation can proceed.

Certificates are exchanged during the IKE negotiation (phase 1) that sets up the IPSec tunnel, when RSA signature authentication is used instead of a pre-shared key. CAs are the foundation of the public key infrastructure (PKI). The CA's own root certificate is self-signed with the CA's private key; it is the trust anchor that every other certificate is checked against, so it must be installed on the peers through a trustworthy channel rather than simply accepted during the negotiation.

Some examples of public CAs are Verisign, RSA, Entrust, Thawte and Baltimore.

Looking further into digital certificates and CAs, there are two parts that are easily confused, so below are the differences and the relationship between them:

Digital signature – Links a message or data to the sender's private key. The sender hashes the message and signs the hash with the private key; the receiver checks that signature with the sender's public key, which proves the data came from the holder of the private key and was not altered in transit.

Digital certificate – Binds a person or corporate entity to a public key (not to a private key, which is never shared, and not to any particular message or data). The binding is vouched for by the CA's signature over the certificate.

The relationship between the two is that a certificate is used to link a digital signature back to a person or entity: the signature proves possession of a private key, and the certificate says whose public key matches it. The certificate is like a driver's licence issued by a trusted authority; the signature is like the signature on a credit card slip that the licence lets the merchant check.
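The Joe and Carl exchange above, together with the signature-versus-certificate distinction, as an added worked example in Go (this is not code from the original page; it uses only Go's standard library). A constructed root CA named "Example Root CA" stands in for Verisign, the Identity type and the NewCA, Issue, Sign and VerifyPeer functions are assumed names for illustration, and the signed payload is a constructed string rather than the real IKE authentication hash.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity pairs a private key with the certificate that binds the matching public key to a name.
type Identity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// mint generates a key pair and a certificate for it: self-signed for a CA, CA-signed otherwise.
func mint(name string, serial int64, isCA bool, issuer *Identity) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	parent, signingKey := tmpl, key // self-signed unless an issuer is given
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, signingKey = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signingKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// NewCA builds a self-signed root. Peers must install it as a trust anchor by some
// out-of-band means; nothing in the negotiation itself can validate the anchor.
func NewCA(name string) (*Identity, error) { return mint(name, 1, true, nil) }

// Issue has the CA sign an end-entity certificate, binding the entity's PUBLIC key to its name.
func (ca *Identity) Issue(name string, serial int64) (*Identity, error) {
	return mint(name, serial, false, ca)
}

// Sign is the digital signature: hash the data, then sign the hash with the private key.
func (id *Identity) Sign(data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, id.Key, crypto.SHA256, h[:])
}

// VerifyPeer is what Carl does when Joe's certificate and signed data arrive. Step 1 checks
// the CA's signature on the certificate (and its validity period) against the CA certificate
// Carl already trusts; step 2 checks Joe's signature on the data with the certified public key.
func VerifyPeer(trustedCA, peerCert *x509.Certificate, data, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peerCert.Verify(opts); err != nil {
		return "", fmt.Errorf("step 1: certificate not issued by a trusted CA: %w", err)
	}
	pub, ok := peerCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("certificate does not carry an RSA public key")
	}
	h := sha256.Sum256(data)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return "", fmt.Errorf("step 2: signature does not match the certified key: %w", err)
	}
	return peerCert.Subject.CommonName, nil
}

func main() {
	ca, _ := NewCA("Example Root CA") // constructed stand-in for Verisign
	joe, _ := ca.Issue("Joe", 2)
	rogue, _ := NewCA("Rogue CA")
	fakeJoe, _ := rogue.Issue("Joe", 3) // same name, but not vouched for by the trusted CA
	payload := []byte("constructed IKE authentication payload")
	sig, _ := joe.Sign(payload)
	fakeSig, _ := fakeJoe.Sign(payload)
	fmt.Println(VerifyPeer(ca.Cert, joe.Cert, payload, sig))         // Joe <nil>
	fmt.Println(VerifyPeer(ca.Cert, fakeJoe.Cert, payload, fakeSig)) // step 1 error
}
```

The two rejection paths are the ones that matter in practice: a certificate carrying the right name but issued by a CA Carl does not trust fails at step 1, and data signed with any key other than the one the trusted CA certified fails at step 2, so neither a forged certificate nor a stolen certificate without its private key gets a peer through. A real IKE implementation additionally checks revocation (CRL or OCSP) and that the certificate's identity matches the peer's IKE ID; both are left out here.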

Further Reading

Wikipedia's guide to Certification Authority