An X.509 certificate is a public key with a subject name specified as an X.500 DN (distinguished name) signed by a certificate issuing authority (CA). X.509 certificates are represented as Python policy objects having the following attributes:
- subject
Subject of the certificate.
- issuer
Issuer of the certificate (i.e. the CA that signed it).
- serial
Serial number of the certificate.
- blob
The certificate itself as a string in PEM format.
PNS uses X.509 certificates to provide a convenient and efficient way to manage and distribute certificates and keys used by the various components and proxies of the managed firewall hosts. It is mainly aimed at providing certificates required for the secure communication between the different parts of the firewall system, e.g. firewall hosts and MS engine (the actual communication is realized by agents).
Certificates of trusted CAs (and their accompanying CRLs) are used in Application-level Gateway to validate the certificates of servers accessed by the clients. The hashes and structures below are used by the various certificate-related attributes of the Application-level Gateway Pssl proxy, particularly the ones of certificate
type.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu