Digital certificates are digitally signed statements providing independent confirmation of a network public key. Most digital certificates are issued by trusted third parties such as governments, financial institutions, or certificate authority (CA) companies specializing in certificate services.
A CA is an entity on a network that issues and manages security credentials and public keys for data encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can issue a certificate.
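The issuance flow described above, shown with the `openssl` command line as an added example that is not part of the original documentation. It assumes `openssl` is installed with its default configuration; the names `Lab-CA`, `router1.example.test`, `rogue.example.test` and the RA's `approved.txt` list are constructed, and the RA is modeled as a simple name allow-list.

```shell
#!/bin/sh
# Added illustration: RA check, CA issuance, and peer-side verification.
# All names and files are constructed; keys are unencrypted for the demo only.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf '%s\n' router1.example.test > "$WORK/approved.txt"  # requestors the RA has vetted

# CA: self-signed root; peers install ca.crt as their trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab-CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Requestor (for example a router): creates its own key pair and a signing request.
make_csr() {  # $1 = requested common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# RA: the request must be signed by the key it carries, and the name must be vetted.
ra_verify() {  # $1 = requested common name
  openssl req -in "$WORK/$1.csr" -noout -verify >/dev/null 2>&1 || return 1
  cn=$(openssl req -in "$WORK/$1.csr" -noout -subject | sed -n 's/.*CN *= *//p')
  grep -qxF "$cn" "$WORK/approved.txt"
}

# CA: signs only what the RA has verified.
issue_cert() {  # $1 = requested common name
  ra_verify "$1" || { echo "RA rejected $1" >&2; return 1; }
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# Peer: accepts a certificate only if it chains to the installed CA certificate.
peer_trusts() {  # $1 = certificate file
  openssl verify -CAfile "$WORK/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

make_ca
make_csr router1.example.test
issue_cert router1.example.test
make_csr rogue.example.test   # this name was never vetted by the RA
# Same name as the real router, but self-signed instead of CA-issued:
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=router1.example.test" \
  -keyout "$WORK/fake.key" -out "$WORK/fake.crt" 2>/dev/null

peer_trusts "$WORK/router1.example.test.crt" && echo "CA-issued certificate: trusted"
peer_trusts "$WORK/fake.crt" || echo "self-signed look-alike: rejected"
issue_cert rogue.example.test || echo "unvetted requestor: no certificate issued"
```

The look-alike certificate carries the right name but fails verification because the CA never signed it, which is the independent confirmation of the public key that the certificate is meant to provide.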
The digital certificate is installed locally on the router and used to encrypt and decrypt data on a network with IPSec peers configured for digital certificates. This section contains the following topics: