No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Scenarios for PKI

Application Scenarios for PKI

PKI in SSL Networking

Figure 26-27 shows an example of Secure Sockets Layer (SSL) networking.

Figure 26-27  Networking of an SSL application

The SSL protocol provides secure connections for application layer protocols based on the Transmission Control Protocol (TCP). For example, SSL is combined with the Hypertext Transfer Protocol (HTTP) in the Hypertext Transfer Protocol Secure (HTTPS) application. SSL provides secure communication for ecommerce and online banking services.

To establish a secure connection, an HTTPS client authenticates an HTTPS server. The HTTPS server can also authenticate the HTTPS client. When authenticating each other, the HTTPS client and server exchange and verify each other's certificate. PKI implements certificate application, certificate renewal, and certificate authentication.

PKI in WAPI Networking

Figure 26-28 shows an example of networking of WLAN authentication and privacy infrastructure (WAPI) networking.

Figure 26-28  Networking of a WAPI application

WLAN stations (STAs) use the WAPI certificate authentication mode (WAPI-CERT) to connect to the Internet. The authentication service unit (ASU) authenticates STAs and access points (APs). The CA server issues certificates. Generally, the ASU and CA server are deployed on the same device.

During WAPI-CERT authentication, both STAs and APs must be authenticated. Before authentication, STAs and APs must obtain their certificates. The ASU checks their certificates to authenticate them.

An AP does not check an STA's certificate. Instead, it sends its own certificate and the STA's certificate to the ASU for authentication.

In WAPI applications, the PKI module reads a certificate file from a device's storage device and loads the certificate to the memory.

Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 130531

Downloads: 312

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next