Shashank Kapil
Certificate fundamental From Avaya SMGR Perspective
Table of Contents
Public Key Infrastructure (PKI) & Certificates
Trusted Certificate versus Identity Certificate
Secure Communication via TLS
Certificate Based Key Exchange
Workflow for Certificates
System Manager as a Certificate Authority (CA)
Certificate Generation Capabilities in SMGR
Public Key Infrastructure (PKI) & Certificates
Certificates bind an identity to a public key.
The Certificate Authority (CA) is a trusted third party, responsible for verifying the identity of a user and issuing a tamper-resistant digital certificate for applicants.
The digital certificate is digitally signed data stating that the public key included in the certificate belongs to the user identified by the certificate.
– The certificate signature is created by the issuing CA and can only be validated with the issuing CA certificate.
– The signature is a hash of the certificate content which has been encrypted using the issuer’s private key.
– The issuer’s public key must be used to decrypt the signature to extract the hash.
Trusted Certificate versus Identity Certificate
Identity Certificate and Trusted Certificate are two terms that distinguish the role of a certificate.
An identity certificate is a certificate used to identify an application, an interface, or a device. It is presented to the far end while a TLS connection is being established, in order to identify the sender of the certificate.
A trusted certificate is used by the local system to verify the authenticity of an identity certificate received from the far end during TLS setup.
Secure Communication via TLS
All communications between the client and the servers in the Avaya Aura environment can be secured using the Transport Layer Security (TLS) protocol.
In TLS, servers are configured with an identity certificate issued by a certificate authority.
– When clients connect to servers, the server presents its identity certificate for the client to validate.
– The client checks whether the server identity certificate was issued by a certificate authority that the client trusts.
– If the validation succeeds, a secure connection is established.
Certificate Based Key Exchange
Workflow for Certificates
1. Ensure that the certificate authority (CA) issuing identity certificates is trusted throughout the network.
2. Generate Certificate Signing Requests (CSRs) for each server's certificate.
3. Get the CSRs signed by the CA.
4. On each server, install the new server identity certificate.
System Manager as a Certificate Authority (CA)
System Manager is by default a Root CA (self-signed root certificate) or can be set up as a Sub-CA (from a Third-Party Certificate Authority).
It uses a third-party open source application, Enterprise Java Beans Certificate Authority (EJBCA), to issue identity and trusted certificates to applications through Simple Certificate Enrollment Protocol (SCEP).
System Manager Trust Management provisions and manages certificates of various applications, such as servers and devices, enabling the applications to have secure inter-element communication.
System Manager generates certificates using SHA2 as the signing algorithm and 2048 as the default key size.
Certificate Generation Capabilities in SMGR
1. Generate a PKCS12 format keystore with the Identity certificate containing the values given in the end entity.
   a. Generating a PKCS#12 file including a signed certificate and private key directly from the SMGR UI.
   b. For Products with PKCS#12 keystore import functionality.
2. Sign the given CSR and generate a PEM formatted certificate containing the values given in the end entity.
   a. Creating a signed certificate directly from the SMGR UI using a CSR.
   b. For Products generating the keys on their end and having the Certificate signed by the SMGR CA.
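
The certificate workflow and the two generation paths above, run end to end with the OpenSSL command line as an added example (not part of the original slides and not SMGR's own tooling). A local self-signed root stands in for the SMGR CA; the CA labels, the host name `sm1.example.test`, the file names and the password are all constructed.

```shell
#!/bin/sh
# Added example: a local OpenSSL CA stands in for the SMGR CA. Every label,
# host name, file name and password here is constructed for the demo.

# Minimal OpenSSL config so the run does not depend on the system openssl.cnf.
write_config() {  # $1 = directory, $2 = server host name placed in the SAN
    cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_identity]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

# Self-signed root: its certificate is the "trusted certificate" for peers.
make_ca() {  # $1 = dir, $2 = CA label -> $2.key, $2.pem
    openssl req -x509 -new -newkey rsa:2048 -sha256 -nodes -days 30 \
        -config "$1/pki.cnf" -extensions v3_ca -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Workflow step 2: the server keeps its private key and emits only a CSR.
make_csr() {  # $1 = dir, $2 = host -> $2.key, $2.csr
    openssl req -new -newkey rsa:2048 -sha256 -nodes \
        -config "$1/pki.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Workflow step 3: the CA signs the CSR (SHA-256, a SHA-2 hash) -> PEM certificate.
sign_csr() {  # $1 = dir, $2 = CA label, $3 = host -> $3.pem
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -sha256 -days 30 \
        -extfile "$1/pki.cnf" -extensions v3_identity -out "$1/$3.pem" 2>/dev/null
}

# What the far end does during TLS setup: validate the identity certificate
# against a trusted certificate, including purpose and host name.
verify_identity() {  # $1 = dir, $2 = trusted CA label, $3 = host
    openssl verify -CAfile "$1/$2.pem" -purpose sslserver \
        -verify_hostname "$3" "$1/$3.pem" >/dev/null 2>&1
}

# Keystore path: private key + identity certificate + CA certificate in one PKCS#12 file.
make_p12() {  # $1 = dir, $2 = CA label, $3 = host, $4 = password
    openssl pkcs12 -export -inkey "$1/$3.key" -in "$1/$3.pem" \
        -certfile "$1/$2.pem" -name "$3" -passout "pass:$4" \
        -out "$1/$3.p12" 2>/dev/null
}

p12_cert_count() {  # $1 = dir, $2 = host, $3 = password
    openssl pkcs12 -in "$1/$2.p12" -passin "pass:$3" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

sig_alg() {   # $1 = PEM certificate
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

key_bits() {  # $1 = PEM certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT        # demo keys are throwaway; remove them on exit
HOST=sm1.example.test
write_config "$WORK" "$HOST"
make_ca  "$WORK" demo-root-ca     # step 1: the CA the whole network trusts
make_ca  "$WORK" unrelated-ca     # a CA the far end does not trust
make_csr "$WORK" "$HOST"          # step 2
sign_csr "$WORK" demo-root-ca "$HOST"                   # step 3
make_p12 "$WORK" demo-root-ca "$HOST" constructed-pass  # keystore for import

echo "identity cert: $(sig_alg "$WORK/$HOST.pem"), $(key_bits "$WORK/$HOST.pem")-bit key"
verify_identity "$WORK" demo-root-ca "$HOST" && echo "issuer trusted: validation succeeds"
verify_identity "$WORK" unrelated-ca "$HOST" || echo "issuer not trusted: validation fails"
```

The second `verify_identity` call is the case worth noticing: the identity certificate is well formed and correctly signed, but validation still fails because the verifier's trust store holds a different CA.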
