Understanding Digital Certificate Security

Policy Secure and Connect Secure use Public Key Infrastructure (PKI) to secure the data sent to clients over the Internet. PKI is a security method that uses public and private keys to encrypt and decrypt information. These keys are enabled and stored through digital certificates. A digital certificate is an encrypted electronic file issued by a certificate authority (CA) that establishes credentials for client/server transactions.

In public key cryptography, a public/private key pair is used to encrypt and decrypt data. Data encrypted with a public key, which the owner makes available to the public, can be decrypted only with the corresponding private key, which the owner keeps secret and protected. For example, if User1 wants to send User2 an encrypted message, User1 can encrypt it with User2’s public key and send it. User2 then decrypts the message with the private key. The reverse process is also useful: encrypting data with a private key and decrypting it with the corresponding public key. This process is known as creating a digital signature. For example, if User1 wants to present their identity as the sender of a message, they can encrypt the message with their private key and send the message to User2. User2 then decrypts the message with User1’s public key, thus verifying that User1 is indeed the sender.

Policy Secure and Connect Secure systems use the following types of digital certificates to establish credentials and secure session transactions:

Note: The system can verify certificates that use SHA2 as the message digest. DSA certificates are not supported.
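A pre-import check for the note above, written as an added example that is not part of the product or of this guide: it reads the signature and public-key algorithm OIDs from a DER-encoded certificate and reports whether the digest is SHA2 and whether DSA is involved. The function names, the OID tables (standard values, limited to common algorithms; RSASSA-PSS is not covered) and the sample_cert skeleton are assumptions made for the example.

```python
# Added example, not vendor code. OID values are standard ones, not taken from the page.
SHA2_SIG_OIDS = {  # sha256/384/512 with RSA, ECDSA with SHA-256/384/512, dsa-with-sha256
    "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.12", "1.2.840.113549.1.1.13",
    "1.2.840.10045.4.3.2", "1.2.840.10045.4.3.3", "1.2.840.10045.4.3.4",
    "2.16.840.1.101.3.4.3.2"}
DSA_OIDS = {  # id-dsa (public key), dsa-with-sha1, dsa-with-sha256
    "1.2.840.10040.4.1", "1.2.840.10040.4.3", "2.16.840.1.101.3.4.3.2"}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # splits the body of a constructed element into (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    arcs, acc = [], 0
    for b in val:  # base-128 digits; a set high bit means the arc continues
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # the first encoded value packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_certificate(der):  # der: bytes of one DER-encoded X.509 certificate
    tbs, sig_alg = children(read_tlv(der, 0)[1])[:2]
    fields = children(tbs[1])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # index shifts if [0] version is present
    sig_oid = decode_oid(children(sig_alg[1])[0][1])
    key_oid = decode_oid(children(children(spki[1])[0][1])[0][1])
    return {"sig_oid": sig_oid, "key_oid": key_oid, "sha2_digest": sig_oid in SHA2_SIG_OIDS,
            "dsa": sig_oid in DSA_OIDS or key_oid in DSA_OIDS}

def sample_cert(sig_hex, key_hex):  # constructed skeleton: X.509 layout only, dummy contents
    t = lambda tag, *parts: bytes([tag, len(b"".join(parts))]) + b"".join(parts)
    alg = lambda h: t(0x30, t(0x06, bytes.fromhex(h)), t(0x05))
    tbs = t(0x30, t(0xA0, t(0x02, b"\x02")), t(0x02, b"\x01"), alg(sig_hex), t(0x30),
            t(0x30), t(0x30), t(0x30, alg(key_hex), t(0x03, b"\x00")))
    return t(0x30, tbs, alg(sig_hex), t(0x03, b"\x00"))
```

For a PEM file, convert it to DER first with ssl.PEM_cert_to_DER_cert from the Python standard library. A result with "dsa": True identifies a certificate the note says is not supported.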
