11.3. PKI in MS

The purpose of including a lightweight PKI system in MS is to provide a convenient and efficient way to manage and distribute the certificates and keys used by the various components and proxies of the managed PNS hosts. It is mainly aimed at providing the certificates required for secure communication between the different parts of the firewall system, for example between the PNS hosts and the MS engine (the communication itself is carried out by agents). The PKI of MS also provides a consistent and convenient tool for managing both internal and external certificates on the managed firewalls. MS can be set to distribute certificates and CRLs to the managed hosts at regular intervals, so that a certificate that has expired or been revoked is no longer accepted; this holds only while the distributed CRL is current, so the distribution interval should be shorter than the validity period of the CRL.

Note

The PKI of MS is not a general-purpose PKI system and should not be used as one. It was designed for internal use between the components of the firewall system (to secure the communication between PNS hosts and MS servers, monitoring agents, and so on), and for managing the external certificates present on the managed hosts.

Tip

The PKI system of MS can also manage certificates signed by external CAs. This is useful because MS then provides an efficient way to distribute those certificates to the managed hosts.