HP Jetdirect 610n HP Jetdirect Print Servers - HP Jetdirect and SSL/TLS - Page 77

SSL/TLS Client: Understanding Certificate Chains

Get HP Jetdirect 610n PDF manuals and user guides View all HP Jetdirect 610n manuals
Add to My Manuals
Save this manual to your list of manuals

Page 77 highlights

SSL/TLS Client: Understanding Certificate Chains In the previous section, we described a situation where the wrong CA certificate was configured on Jetdirect. Let's explain this more thoroughly because it is a common issue reported on Jetdirect. Remember, Jetdirect is an embedded system and has limited flash space. Therefore, it cannot store a multitude of certificates on its flash file system. What Jetdirect needs to do is "Walk the Certificate Chain". Let's explain by reviewing our CA Hierarchy. Figure 31 - CA Hierarchy In this example, RootCA is the top level CA, which is also called the Root. What usually happens at customer sites is that the Root CA is created and it issues one or more certificates to Subordinate CAs, also known as Intermediate CAs, and they do the dirty work of issuing certificates to various entities in the customer's network. The Root CA is then shutdown and locked up in a secure room with this information backed up in several places. The Root CA establishes the trust of the whole environment and is very well protected. We can see that RootCA issues a certificate to R2, which grants R2 the capability to issue certificates to other entities. R2's certificate is signed by the Root CA. R2 then can issue certificates to other devices. 77

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
77
SSL/TLS Client: Understanding Certificate Chains
In the previous section, we described a situation where the wrong CA certificate was configured on
Jetdirect.
Let’s explain this more thoroughly because it is a common issue reported on Jetdirect.
Remember, Jetdirect is an embedded system and has limited flash space.
Therefore, it cannot store a
multitude of certificates on its flash file system.
What Jetdirect needs to do is “Walk the Certificate
Chain”.
Let’s explain by reviewing our CA Hierarchy.
Figure 31 - CA Hierarchy
In this example, RootCA is the top level CA, which is also called the Root.
What usually happens at
customer sites is that the Root CA is created and it issues one or more certificates to Subordinate CAs,
also known as Intermediate CAs, and they do the dirty work of issuing certificates to various entities
in the customer’s network.
The Root CA is then shutdown and locked up in a secure room with this
information backed up in several places.
The Root CA establishes the trust of the whole environment
and is very well protected.
We can see that RootCA issues a certificate to R2, which grants R2 the capability to issue certificates
to other entities.
R2’s certificate is signed by the Root CA.
R2 then can issue certificates to other
devices.