X.509 Certificate Mapping and Validation
Certificate Mapping
X.509 is a proposed standard for generating digitally signed public-key certificates that can be used for authentication in systems that support Secure Shell (SSH). VShell matches an X.509 certificate to a user on your system via a map file. If a match is confirmed, VShell authenticates and logs in the user. Certificate mapping eliminates the need to deposit certificates on the VShell server, facilitating deployment of digital certificates in large organizations. As certificates are granted by the CA, the map file stored on the VShell server is updated manually by the administrator.
The certificate mapping process follows these steps:
1. The end user's Secure Shell client (e.g., SecureCRT) presents a digital certificate.
2. VShell looks up the issuing CA from the user's certificate and checks for a map file associated with that CA.
3. VShell looks in the map file for a line that matches a thumbprint from the user's certificate to a user name.

If a match is found, the user is logged in with privileges associated with their Windows ACL profile. If a map file match is not found, VShell drops back to the file-based approach and looks in its public key folder for the user's *.cer file.
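The lookup in steps 2 and 3, together with the fall-back decision, as an added example that is not VShell's own code. The on-disk layout of a VShell map file is not described on this page, so the "thumbprint username" line format, the CA name and the certificate bytes are all constructed assumptions; the thumbprint is computed as SHA-1 over the DER encoding, the common convention for certificate thumbprints.

```python
import hashlib
import re

# Constructed sample data. The on-disk layout of a VShell map file is not
# described on this page; the "<thumbprint> <username>" line format below is
# an assumption made for this example.
ALICE_CERT_DER = b"constructed stand-in for alice's DER-encoded certificate"
ISSUER = "CN=Example Corp Issuing CA"  # constructed issuing-CA name

def thumbprint(der: bytes) -> str:
    """Certificate thumbprint: SHA-1 over the DER encoding, upper-case hex."""
    return hashlib.sha1(der).hexdigest().upper()

def normalise(tp: str) -> str:
    """Treat colon/space-separated or lower-case hex thumbprints as equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", tp).upper()

def parse_map(text: str) -> dict:
    """One entry per line: <thumbprint> <username>; '#' starts a comment."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tp, user = line.split()
        entries[normalise(tp)] = user
    return entries

def colon_hex(tp: str) -> str:
    """Render a bare hex thumbprint in the AA:BB:... form many tools display."""
    return ":".join(tp[i:i + 2] for i in range(0, len(tp), 2))

# Map files keyed by issuing CA. Alice's line is written colon-separated and
# lower-case on purpose, to exercise the normalisation above.
MAP_FILES = {
    ISSUER: "# thumbprint                                   username\n"
            f"{colon_hex(thumbprint(ALICE_CERT_DER)).lower()}   alice\n",
}

def map_certificate(issuer: str, der: bytes, map_files=MAP_FILES):
    """Steps 2-3 of the mapping process: find the map file for the issuing CA,
    then look the certificate's thumbprint up in it. Returns the user name, or
    None when the CA has no map file or the thumbprint is unlisted, in which
    case VShell falls back to the per-user *.cer file in its public key folder."""
    text = map_files.get(issuer)
    if text is None:
        return None
    return parse_map(text).get(thumbprint(der))
```

A None result is the signal to try the public key folder; a certificate from a CA with no map file never reaches the thumbprint comparison at all.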
Using X.509 digital certificates also enables the use of highly secure two-factor authentication tools, including smart cards and tokens.
Certificate Validation
VShell has the ability to use a map file stored on the server to check the validity of an X.509 digital certificate with a Certification Authority (CA) or chain of authorities. Certificate checking "walks the certificate chain" and verifies the validity of X.509 certificates with their CA.
The process follows these steps:
1. The Secure Shell client (e.g., VanDyke Software's SecureCRT®) presents a certificate to authenticate itself.
2. VShell checks the validity of the certificate and optionally checks the Certificate Revocation List (CRL) to determine whether the certificate has been revoked. VShell then looks in the map file associated with the CA to match the certificate with a username (see "Certificate Mapping" above).
3. VShell verifies the signature on the certificate generated by the user's private key and, if successful, logs the user in.
