X.509 Certificate Support
Digital certificates are your digital identification that verifies you are who you claim to be
and validates the integrity of your data. Digital certificates are most commonly combined
with encryption to secure data in the following four ways:
■ Authentication—Digital certificates are used to verify the identity of a user or server.
■ Integrity—If data has been digitally signed and it is altered, the digital signature becomes
invalid, indicating to the recipient that the data is no longer valid.
■ Token verification—Digital tokens are a much more secure product that can be used to
replace passwords. Passwords are less secure because several methods are available that
can determine a password by using both dictionaries and number/letter/word
combination generators to try every conceivable combination of characters until they
discover the password. A digital certificate is an encrypted file that resides on your
computer and can be decrypted only by your password. To compromise your certificate,
a user would have to have both the encrypted file and your password.
■ Encryption—Digital certificates verify the identity of both ends of an encrypted
connection and dynamically negotiate the parameters of that connection. Using digital
certificates to negotiate virtual private networks (VPN) is discussed in detail in Chapter
13, “Virtual Private Networks.”
Cisco Security Appliances support the Simple Certificate Enrollment Protocol (SCEP) and
can be integrated with the following X.509 digital identification solutions:
■ Entrust Technologies, Inc.—Entrust/PKI 4.0
■ Microsoft Corp.—Windows 2000 Certificate Server 5.0
■ VeriSign—Onsite 4.5
■ Baltimore Technologies—UniCERT 3.05