Virtual Private Network Wireless

Corporate Template06/98

Page 13Com Corporation

Virtual Private NetworkVirtual Private Network&&

WirelessWireless

Ing. Mirko TedaldiCryptoNet S.p.A.

[email protected]

OverviewOverview•• Virtual Private NetworkVirtual Private Network•• Wireless scenarioWireless scenario•• Wireless VPNWireless VPN•• Wireless LANWireless LAN•• MM--commerce and Wireless Public Key commerce and Wireless Public Key InfrastructureInfrastructure



I due tipi di algoritmi I due tipi di algoritmi crittograficicrittografici

••Crittografia simmetricaCrittografia simmetrica ( o a chiave segreta): utilizza una sola chiave crittografica che deve essere posseduta sia dal mittente sia dal destinatario del messaggio

••Crittografia asimmetricaCrittografia asimmetrica (o a chiave pubblica):utilizza una coppia di chiavi (una pubblica e l’altra privata) possedute entrambi da un unico proprietario

I Certificati ElettroniciI Certificati Elettronici

Mirko TedaldiCA: CryptoNet

Valido dal 16/1/2000 al 15/1/2001Valore della chiave pubblica

Informazionicontenute nel

certificato

Firma della CA

Chiave privatadella CA



ThirdThird--Party TrustParty Trust

Alice Bob

Autorità di Certificazione

Garantisce la corrispondenza tra chiave pubblica e soggetto attraverso i certificati certificati digitalidigitali

Virtual Private Network Virtual Private Network (VPN)(VPN)



What is a VPN?What is a VPN?• At its simplest, a VPN (Virtual Private

Network) is a network built on top of the services of another network– often VPNs are built on the public Internet, but

not always

Network

Network

Network

Network

Network

Network

Network

Network

Network

NetworkNetwork

Network

Network Network

Network

Network

Network

NetworkParis Office

Sydney Office

New York Office Tokyo Office

Prevailing MethodsPrevailing Methods

Internet

HQ LanRemote Office Lan

Modem Pool

RouterRouter

Firewall

Roaming User

Home User



VPN MethodsVPN Methods

Internet

HQ LanRemote Office Lan

Modem Pool

RouterRouter

Firewall

Roaming User

Home User

Encrypted TunnelClear Text Clear Text

•• Intranet VPN:Intranet VPN:• between a central corporate and branch offices

•• Remote VPN:Remote VPN:• between a central corporate and individual remote

users•• Extranet VPN:Extranet VPN:

• between an enterprise and its business partners, suppliers and customers

Remote VPN and Extranet VPN include not only mobile devices like laptops, but wireless handheld devices like PDAs and smart phone.

Uses for Uses for VPNsVPNs



Business Reasons for VPNsBusiness Reasons for VPNs

• Increased business being done over Internet• Secures communications at network layer

(IP) across all applications (including legacy apps)

• Cost effective for remote access: compare to a modem pool and long distance charges

“How often do they dial in and for how long? What about

international calls? What will it cost to maintain this?”

The Nature of Secure VPNsThe Nature of Secure VPNs• The classic problems

– authentication– integrity– confidentiality

“Which devices do I trust? Which client machines do I

trust? Is anyone able to monitor my session? Is anyone able to

hijack my session?”



IP Header

IP Header

IPSec Header(s)AH/ESP

IPSec Header(s)AH/ESP

IP Data (Encrypted)

IP Data (Encrypted)

An outline of IPSecAn outline of IPSec• “The goal of the IPSec architecture is to provide various

security services for traffic at the IP layer, in both the IPv4 and IPv6 environments.” (IETF-RFC2401)

• Interoperable authentication, integrity and encryption

Encapsulating Security Payload Header (ESP)

Encapsulating Security Payload Encapsulating Security Payload Header (ESP)Header (ESP)

• ESP header is prepended toIP datagram

• Confidentiality through encryption of IP datagram

• Integrity through keyed hash function

Security Parameter Index (SPI)Security Parameter Index (SPI)

Sequence Number FieldSequence Number Field

Padding (If Any)Padding (If Any)

PadLength

PadLength

NextHeaderNext

Header

Initialization VectorInitialization Vector

Authentication DataAuthentication Data

Payload DataPayload Data



NextHeaderNext

HeaderPayloadLength

PayloadLength RESERVEDRESERVED

Security Parameter Index (SPI)Security Parameter Index (SPI)

Sequence Number FieldSequence Number Field

Authentication DataAuthentication Data

AuthenticationAuthenticationHeader (AH)Header (AH)

• AH header is prepended to IP datagram or to upper-layer protocol

• IP datagram, part of AH header, and message itself are authenticated with a keyed hash function

Authentication in IPSecAuthentication in IPSec

•• PrePre--shared keysshared keys– Single key or passphrase per peer– Still results in huge numbers of keys in

meshed networks

• Digital signature and certificates (PKI)– Third Party Trust minimizes the number of

keys required for strong authentication



Why is PKI important to Why is PKI important to VPN?VPN?

• It is relatively easy to build a secure pipe or tunnel between two nodes or users on a public network

• Unless you know exactly who is at both ends of the pipe it has little value (initial authentication is fundamental)

• Digital certificates provide a means to strongly authenticate users and devices in a VPN tunnel

• A managed PKI provides a scalable platform upon which to build large, secure, and trusted VPN’s.

ScalabilityScalability

• VPNs do not scale without using public-key certificates

Effort ∝ n2 Effort ∝ n

Withcertificates

WithoutCertificates(fully-meshed)

PresharedKeys

Certificates



VPN + PKIVPN + PKI

Internal network

Internal network

VPNVPN

PKIPKI

IPSec SessionsIPSec Sessions

IKE (1) ISAKMP SA

IKE(2) IPSEC SA IPSEC SAIKE(2)Ip tunneled Ip tunneled

IKE(2) IPSEC SA IPSEC SAIKE(2)Ip tunneled Ip tunneled

From net Ato net B

From net Ato net C



IKEIKE

Utilizzato per effettuare l’autenticazione tra i punti terminali della VPN e per lo scambio delle chiavi delle sessioni IPSEC. Si appoggia sul protocollo UDP (porta 500).

• phase 1phase 1 - durante questa fase avviene l’autenticazione tra i punti terminali della VPN (sessione ISAKMP),

• phase 2phase 2 - in questa fase vengono contrattati gli algoritmi, la lunghezza della chiave, la durata massima della sessione e la chiave di sessione per le sessioni IPSEC

Router

Firewall

Insecure Channel

Security Association (SA)Security Association (SA)

• Agreement between two entities on method to communicate securely

• Unidirectional—two-way communication consists of two SAs



CA

ROUTER 1

VPN GCI

SLAVE 1 DIR

SLAVE 2 DIR

VPN CON.

CA ADMNI

MASTER DIR

ROUTER 2

VPN VPN ArchitectureArchitecture

Protocollo Funzionalità PortaTCP

CMPCertificate Management Protocol

Key and certificate management 829

LDAPLightweight Directory Access Protocol

Accesso a directory X.500 attraversoTCP/IP

389

DISPDirectory Shadowing Protocol

Shadowing tra master directory e slave directory

102

CEPCertificate Enrollment Protocol

Enrollment dei router Cisco 1600

HTTPHypertext Transfer Protocol

Accesso tramite web server alla CGI del VPN Connector

80

Protocolli di ComunicazioneProtocolli di Comunicazione



Protocollo Funzionalità PortaTCP

SPKMSimple Public-Key GSS-API Mechanism

Amministrazione remota della CAattraverso l’interfaccia Entrust/Admin

710

DAPDirectory Access Protocol

Amministrazione remota delle directoryattraverso l’interfaccia DAC

102

Protocolli di AmministrazioneProtocolli di Amministrazione

Sorgente Destinatario Protocol Azione

ENROLLMENT

Router VPN CGI HTTP Richiesta di enrollement

VPN CGI VPN Connector CEP Dispatch della richiesta dienrollment

VPN Connector Certification Authority

SEP Abilitazione del router nellaCA

Certification Authority

Master Directory LDAP Pubblicazione dei certificati dei router

Master Directory Slave Directory DISP Update delle copie shadow

Le Le comunicazioni comunicazioni in in una una VPN (1)VPN (1)



IPSEC

Router Slave Directory LDAP Scaricamento delle CRL

REVOCA

VPN Connector Master Directory LDAP Revoca dei certificati deirouter

Sorgente Destinatario Protocol Azione

Le Le comunicazioni comunicazioni in in una una VPN (2)VPN (2)

The customerThe customer

• Name : Omnitel Pronto ItaliaOmnitel Pronto Italia

• Importance: 2nd mobile operator in the world

• Subscribers: > 9M



The projectThe project

• Name: Omnitel2000• Scope: use GSM as distribution points

of new services (from horoscope to finance)

• Challenge: time to market• Requirements: availability of service,

scalability

The solutionThe solution

• Idea: create a star network between Omnitel and content providers, use IP over CDN, authenticate end-points

• Products: Cisco routers (the net), Entrust/PKI, Entrust/VPN Connector, PeerLogic i500 directory

• Results: 1st (for birth) and 2nd (for growth = 1000 routers) largest VPN in the world based on this technology



Il processo di enrollmentIl processo di enrollment

Quando un nuovo router entra a far parte di una VPN occorre innanzitutto effettuare il processo di enrollment, che consiste in :• autenticazione e riconoscimento della certification authority,• generazione delle coppie di chiavi crittografiche,• richiesta di certificazione delle chiavi ed ottenimento dei proprio certificati digitali

Il processo di enrollmentIl processo di enrollment1° passo : il riconoscimendo dell’authority

RA(VPN Connector)

CERTS?



1° passo : il riconoscimendo dell’authority

RA(VPN Connector)

Fingerprint:aa:b0:c2:...

Fingerprint ?Aa:b0:c2:...


2° passo : generazione delle chiavi a bordo del router

RA(VPN Connector)

CA:o=cryptonet,c=it




3° passo : certificazione delle chiavi pubbliche

RA(VPN Connector)

CA:o=cryptonet,c=it

Per favorecertificare



RA(VPN Connector)

CA:o=cryptonet,c=it

Fingerprint:b2:c4:e6:00:…e9:aa:cc:01:...?

b2:c4:e6:00:…e9:aa:cc:01:...Fingerprint ?





CA:o=cryptonet,c=it

GRANT!

CA


Fine : il router possiede tutto il materiale necessario per farsi riconoscere.

CA:o=cryptonet,c=it




• Viene effettuato una tantum,• è un processo complesso e molto delicato,• la procedura deve essere eseguita

scrupolosamente per non comprometterne la validità,

• coinvolge diversi attori :– Amministratori del router,

– Amministratori della VPN (RA),

– Amministratori della CA


L’autenticazione tra L’autenticazione tra routersrouters

Durante il normale funzionamento della VPN, gli unici momenti in cui vi è un contatto con la PKI è durante la fase di autenticazione:

ca trust

DIRECTORY X.500

CRL ?Revoked certs:012342143,123234213,234342343,333242324

OK!



Il download delle CRLIl download delle CRLDurante il normale funzionamento della VPN, l’unica interazione con la PKI avviene con la sola directory, per ottenere le CRL più aggiornate:

• non richiede alcuna operazione manuale,• viene effettuata soltanto quando scade l’ultima CRL che è stata scaricata

OMNITEL Network ArchitectureOMNITEL Network Architecture

FirewallNMC

IPCN

CA LAN

SERVICE LAN

CertificationAuthority

DB(1) DB(n)

X.500master

FirewallOMC

SERVICE LAN

X.500shadow3

X.500shadow4

VPN RA GUI

CA ADMIN GUI

ROUTER ACCESSOMILANO

Router del provider

Col

lega

men

toIS

DN

/CD

N/

(In t

e rne

t)

ContentProvider

ROUTER ACCESSOROMA

Router del provider

ContentProvider

OMNINETFirewallOmniNet

ROUTER ACCESSONAPOLI,

BOLOGNA,etc.

Router del provider

ContentProvider

X.500shadow1 +

VPN ConnectorCGI

X.500shadow2

Shadowing

Shadowing



Wireless Wireless

&&

SecuritySecurity

Virtual Enterprise today…Virtual Enterprise today…



… add devices… add devices



Internet UsersInternet Users

The addressable market for secure wireless transactions is massive and growing at a faster rate than for secure

desktop transactions!

0

10

20

30

40

50

60

0 10 20 30 40 50 60 70 80 90

Usa

Giappone

Belgio

Francia

Germania

Grecia

SpagnaPortogallo

UK

Norvegia

NL SvizzeraIrlanda

Austria

LussemburgoItalia

Danimarca

Svezia

Finlandia

Penetrazione Mobile, in %

Pene

traz

i on e

In t

e rn e

t, i n

%

Fonte: Smau/EITO 2001

Mobile users Mobile users vs InterNet vs InterNet UsersUsers



•Data that is bursty and always-on, needs a packet infrastructure (vs. modem pool arrangement)

Wireless DataWireless Data

3G3G

2.5G2.5G

2G2G

2 Mbps

‘up to’100 Kbps

9.6 Kbps Today, circuit switched

2001, packet switched

2003, packet switched

0

200.000.000

400.000.000

600.000.000

800.000.000

1.000.000.000

1.200.000.000

1.400.000.000

1999 2000 2001 2002 2003 2004

WAP-capableTotal Cellular/PDAsPCs (wired connections)

Source: IDC, 2000

Market is huge!Market is huge!



250 milioni di utenti di telefonia mobile nel 2000 (+60% a fine 1999)

400 milioni di utenti di telefonia mobile nel 2003

penetrazione pari al 100% in molti Paesi

gli utenti di Internet raddoppieranno prima del 2005 rispetto ai 120 milioni del 2000

MOBILE E-COMMERCE

2001: 24 milioni di utenti

2003: 100 milioni di utenti e 38 miliardi di Euro di ricavi

2005: 175 milioni di utenti e 86 miliardi di Euro di ricavi

Lo scenario del Mobile ELo scenario del Mobile E--commerce commerce in Europa Occidentalein Europa Occidentale

VPN on GSM/GPRSVPN on GSM/GPRS



Wireless VPNWireless VPN

•Modem Pool

PDA users

•Internet

•HQ•Lan•Remote Office•Lan

•Router•Router

•Firewall

Encrypted TunnelClear Text Clear Text

PDA: PDA: iPAQ iPAQ Pocket PCPocket PC

Modem 56KEthernet 100MBps (Q4/01)

Connectivity

GSM/GPRS (Q1/02)Bluetooth (Q4/01)IEEE 802.11

Wireless pack

Up to 128MB(or 1GB removable HD)

Memory card slot

USB, serial, InfraredPorts

TFT LCD 240x320 64K color

Display

MS Pocket PC 2000/2002 (MS Win CE 3.0)

O.S.16MB – 32MB (flash)ROM32MB – 64MBRAM

Intel StrongARM 32-bit RISC 206MHz

Processor



Wireless VPN Wireless VPN vs Wireline vs Wireline VPNVPN

• Dedicated dial-up modem to access an ISP through the telephone network

• Wireless modem to access a local LAN

• Modem with data-capable mobile phone to access the ISP

Wireless connectionsWireless connections



Wireless LANs:Wireless LANs:

IEEE 802.11bIEEE 802.11b

IEEE 802.11bIEEE 802.11b

•It defines the standard for wireless LAN products that operate at an Ethernet-like data rate of 11 Mbps

•Interoperability of wireless LAN products from different vendors is ensured by an independent organization called the Wireless Ethernet Compatibility Alliance (WECA; see http://www.wi-fi.com), which brands compliant products as “Wi-Fi.”

•Security: access control and privacy between clients and access points



Security:Security:Wired LANs Wired LANs vs vs Wireless LANs (1)Wireless LANs (1)

Wired LANWired LAN1) Access Control:

it is governed by access to an Ethernet port for that LAN.

⇒ access control for a wired LAN often is viewed in terms of physical access to LAN ports.

2) Privacy:

data transmitted is directed to a particular destination,

⇒ privacy cannot be compromised unless someone uses specialized equipment to intercept transmissions on their way to their destination.

Security:Security:Wired LANs Wired LANs vs vs Wireless LANs (2)Wireless LANs (2)

Wireless LANWireless LAN1) Access Control:

transmitted data is broadcast over the air using radio waves

⇒ it can be received by any wireless LAN client in the area served by the data transmitter

2) Privacy:

there is no way to direct a wireless LAN transmission to only one recipient.

Installing a wireless LAN may seem like putting Ethernet ports Installing a wireless LAN may seem like putting Ethernet ports everywhereeverywhere



Virtual Private NetworkVirtual Private Network::• VPN is independent of any native wireless

LAN security schema• VPN runs transparently over a wireless LAN

(as for wired LAN)

Wired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP):• An optional encryption schema stipulated by

IEEE 802.11

How to secure a Wireless LANHow to secure a Wireless LAN

• WEP uses a symmetric schema• Its goals are:

• Access control• Privacy

• Software or hardware implementation of WEP• Two schema for defining the WEP keys:

1) Default key schema2) Key mapping schema

Wired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP)



• Two type of authentication methods: open and share key• The authentication method must be set on each client and

the setting should match that of the access point with which the client wants to associate

• OPEN (default): the entire authentication process is done in clear-text, and a client can associate with an access point even without supplying the correct WEP key.

• SHARED KEY: the access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point. If the client has the wrong key or no key, it will fail authentication and will not be allowed to associate with the access point.

WEP AuthenticationWEP Authentication

Wireless Solutions forWireless Solutions for

Mobile Commerce:Mobile Commerce:

Wireless PKIWireless PKI



WAPServer(WTLS)

WEBServer(SSL)

New or Existing Back End Systems

End to End Security

Mobile Operator

Internet Service Provider

Browser(SSL)

Micro-Browser(WTLS)

WEB / WAP ParallelsWEB / WAP Parallels

Security services in WAPSecurity services in WAP



Gateway AuthenticationGateway Authentication

WAP Currentproducts

Client (phone) authenticationClient (phone) authentication

No availableWAP products



Digital SignatureDigital Signature

No availableWAP products

DDeficiencieseficiencies of WAP of WAP (1)(1)•WAP-mobile are not widespread today

•Phone manufacturers go on selling non-WAP-mobile (less expensive and not perceived add-value)

•Many users do not use WAP features (or unable to)

•No “pure WAP solution” available for client authentication and signing transactions (only with WAP 1.2)

•No push of a signing request to the users mobile phone



DDeficiencieseficiencies of WAP of WAP (2)(2)

•We have to use GSM (with WAP, if there’s)

•ALL mobile phones uses GSM

•We can use Short Message Services (SMS)

for every operations

or just for operations that WAP does not implemented yet

•SMS are more user-friendly than WAP browsers

•Hence, hybrid solution between SMS e WAP

SAT WAP

CD Shop

Internet Gateway

WAPInternet Gateway

SAT

GSM

Wirelesswallet

Internet

Terminals

Wireless Internet

CD-storeWeb Server

WAP

SAT

MM--commercecommerce

••Web BrowserWeb Browser

••WAP BrowserWAP Browser

••SIM Application Toolkit SIM Application Toolkit Browser (WIB)Browser (WIB)



Menu structure on Mobile Phone

Phone book

Messages

Network

Settings

News Service

Headlines

…

Local

Sports

Weather

Exchange Rates

Traffic

Menu structure on Web Site

Tennis

Ice Hockey

Basketball

Water Polo…

Sweden and Finlandare meeting each other in what expects to be the game of the year...

Informationon Web Site

Movie TicketsBanking

…

Browsing services located on SIM Browsing services located on SIM and/or weband/or web--wapwap sitesite

Phone Manufacturer

Card Manufacturer

Mobile Operator End user

CA root key and/or certificate may be placed in firmware

mask from an image file provided by

Certificate Authority

CA root key and/or certificate may be

placed on SIM from an image file provided by

Certificate Authority

End User Encryption key-pair and digital signature key-pair pre-generated and

stored on SIM

End User enrollment at Mobile Operator:

End User Encryption Public Key and

Verification Public Key sent to

Certificate Authority for “binding” to

certificates.

Returned certificates stored on SIM or on

the network.

End User enrollment Over the Air:


Verification Public Key sent to Certificate

Authority for “binding” to certificates.


the network.

Service Provider

End User enrollment at Service Provider:


Verification Public Key sent to

Certificate Authority for “binding” to

certificates.


the network.

Key (& Certificate) Insertion PointsKey (& Certificate) Insertion Points



Wireless PKI SystemWireless PKI System

SMS-CIPIP or X.25

Wireless Wallet

Content provider

ApplicationCD-Shop

SmartTrust Certificate Manager and clients

Directory

SmartTrust DeliveryPlatform

SmartTrust security server

SAT enabled handset with WIB and Smarttrust SIM security client

WEB access

WAP or SAT access

SIM=Subscriber Identity Module

SAT =SIM Application Toolkit

WIB=Wireless Internet Browser



QuestionQuestionTimeTime

[email protected]@cryptonet.it

Altro Altro materialemateriale



CA definitionCA definition

• ip domain-name cryptonet.it• crypto ca identity myCA• enrollment mode ra• enrollment url http://192.168.0.1/cgi-bin• query url ldap://192.168.0.2• crl optional

An example of Cisco An example of Cisco ConfigurationConfiguration

Step 1—Generate Public/Private KeysStep 1—Generate Public/Private Keyscisco(config)#crypto key gen rsa usage-keyThe name for the keys will be: mirko.cryptonet.itChoose the size of the key modulus in the range of 360 to 2048 for yourSignature Keys. Choosing a key modulus greater than 512 may takea few minutes.

How many bits in the modulus [1024]:Generating RSA keys ...[OK]Choose the size of the key modulus in the range of 360 to 2048 for yourEncryption Keys. Choosing a key modulus greater than 512 may takea few minutes.

How many bits in the modulus [1024]:Generating RSA keys ...[OK]




#sho crypto key mypublic rsa% Key pair was generated at: 01:18:43 UTC Mar 1 1999Key name: mirko.cryptonet.itUsage: Signature KeyKey Data:305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00BEDC6C FBD327FC2AFC7521 F2DE3D04 D3239759 7908C8F1 64F0E58F 0116CF6A 897D6210 2D4BFC80CE41DF7B AA75ECAA 6680B13F 30F079BE DD361565 A325B72A 3D020301 0001

% Key pair was generated at: 01:18:45 UTC Mar 1 1993Key name: mirko.cryptonet.itUsage: Encryption KeyKey Data:305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C06DC2 3AE2BF72CE9FD6F6 55C13A0D A3C183D5 1E7E4523 E8863DDC D852FD32 86461BBC F10EEA778A6A5AC9 AFEF6B0A 03107565 03384DB4 4E6C4A77 0C594B10 31020301 0001

Step 1—Generate Public/Private KeysStep 1—Generate Public/Private Keys


Cisco(config)#cryp ca authenticate myCACertificate has the following attributes:Fingerprint: 1A5416D6 2EEE8943 D11CCEE1 3DEE9CE7% Do you accept this certificate? [yes/no]: y

Step 2—Request the CA and RA CertificatesManually verify Fingerprint of CAStep 2—Request the CA and RA CertificatesManually verify Fingerprint of CA




Step 2—Request the CA and RA CertificatesManually verify Fingerprint of CAStep 2—Request the CA and RA CertificatesManually verify Fingerprint of CA


cisco(config)#crypto ca enroll myCA% Start certificate enrollment ..% Create a challenge password. You will need to verbally provide this

password to the CA Administrator in order to revoke your certificate.For security reasons your password will not be saved in the configuration.Please make a note of it.

Password:Re-enter password:

% The subject name in the certificate will be: mirko.cryptonet.it% Include the router serial number in the subject name? [yes/no]: n% Include an IP address in the subject name? [yes/no]: nRequest certificate from CA? [yes/no]: y

Step 3—Enrol the Router with the CAStep 3—Enrol the Router with the CA




cisco(config)#Signing Certificate Request Fingerprint:4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB

Encryption Certificate Request Fingerprint:D33447FE 71FF2F24 DA98EC73 822BE4F7

Step 3—Enrol the Router with the CAFingerprints sent to CA for manual verificationStep 3—Enrol the Router with the CAFingerprints sent to CA for manual verification


Step 3—Enrol the Router with the CAFingerprints sent to CA for manual verificationStep 3—Enrol the Router with the CAFingerprints sent to CA for manual verification




cisco#show crypto ca certificateCertificate

Subject NameName: mirko.cryptonet.it

Status: PendingKey Usage: SignatureFingerprint: 4C6DB57D 7CAF8531 7778DDB3 CCEB1FFB

CertificateSubject Name

Name: mirko.cryptonet.itStatus: PendingKey Usage: EncryptionFingerprint: D33447FE 71FF2F24 DA98EC73 822BE4F7

Step 4—CA grants CertificatesStatus Pending -> AvailableStep 4—CA grants CertificatesStatus Pending -> Available


Step 4—CA grants CertificatesStep 4—CA grants Certificates


Documents

Virtual Private Network Wireless