HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 106
Public Key Certificates
UPC - 882780301016
Figure 51 - Public Key Certificates

Here we can see that everyone's public key certificate is, well - um, public. The important thing to note is that the certificate authority also has a public key certificate that identifies itself. This certificate is signed with its own private key and is a "self-signed" certificate. There is no "higher" level of trust than the top-level certificate authority. Therefore, John and Jack must choose a particular certificate authority that they both trust.

In most cases, there is a hierarchy of certificate authorities at customer sites. This forms what is known as a certificate chain. We won't be covering certificate chains and their various issues in this whitepaper. What is important here is that we must choose a certificate authority to trust and that we only trust certificates issued by that certificate authority.

Also, we should take care to point out that there is usually a difference between Internet trust using certificates and Intranet trust using certificates. Internet trust will involve well-known certificate authorities like Verisign and Entrust. However, Intranet models usually revolve around Microsoft's certificate authority that comes with Windows 2003 server. Each company establishes their own
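The trust rule described above (a self-signed CA certificate at the top, and only certificates issued by that one CA are trusted) can be reproduced with the OpenSSL command line. This is an added example, not part of the HP whitepaper; the CA names, file names and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names and files below are constructed for the demo.
W=$(mktemp -d)

# Create a self-signed CA certificate: signed with the CA's own private key.
make_ca() {      # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Have a CA issue (sign) a certificate for an end entity.
issue_cert() {   # $1 = CA prefix, $2 = leaf prefix, $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# True only if the certificate chains to the one CA we chose to trust.
trusted_by() {   # $1 = trusted CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Self-signed: subject equals issuer and the signature verifies with its own key.
is_self_signed() {
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
  [ "$s" = "$i" ] && trusted_by "$1" "$1"
}

make_ca "$W/ca" "Example Intranet CA"        # the CA John and Jack both trust
make_ca "$W/other" "Some Other CA"           # a CA they did not choose
issue_cert "$W/ca" "$W/john" "John"
issue_cert "$W/ca" "$W/jack" "Jack"
issue_cert "$W/other" "$W/stranger" "John"   # same name, different issuer

for c in john jack stranger; do
  if trusted_by "$W/ca.crt" "$W/$c.crt"; then echo "$c.crt: trusted"
  else echo "$c.crt: rejected"; fi
done
```

The third certificate carries the name "John" but is rejected, because trust follows the issuing CA's signature rather than the name in the subject field.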