An X.509 certificate is a public key with a subject name specified as an X.500 DN (distinguished name) signed by a certificate issuing authority (CA). X.509 certificates are represented as Python policy objects having the following attributes:
- subject
Subject of the certificate.
- issuer
Issuer of the certificate (i.e. the CA that signed it).
- serial
Serial number of the certificate.
- blob
The certificate itself as a string in PEM format.
Zorp uses X.509 certificates to provide a convenient and efficient way to manage and distribute certificates and keys used by the various components and proxies of the managed firewall hosts. It is mainly aimed at providing certificates required for the secure communication between the different parts of the firewall system, e.g. firewall hosts and ZMS engine (the actual communication is realized by agents).
Certificates of trusted CAs (and their accompanying CRLs) are used in Zorp to validate the certificates of servers accessed by the clients. The hashes and structures below are used by the various certificate-related attributes of the Zorp Pssl proxy, particularly the ones of certificate
type.
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu