Hi Guys
As per my previous question, we are looking to use an internal PKI to generate certificates that will be deployed to mobile devices. It seems we can use MobileIron/AirWatch to deploy the certificate and certificate chain to the mobile device, so there should be no issue with the device trusting our CA.
I'm interested in how the certificate itself fits into Public Key/Private key theory.
As per below:
"A public key certificate, usually just called a certificate, is a digitally signed statement that’s commonly used for authentication and to secure information on open networks. A certificate securely binds a public key to the entity that holds the corresponding private key. The issuing CA digitally signs the certificates, and they can be issued for a user, a computer, or a service.
Public key certificates are rooted on asymmetric or public key cryptography. Asymmetric ciphers are built on the unique mathematical relationship that exists between a public and a private key. The public key is the non-secret half of a cryptographic key pair that’s used with a public key algorithm. Public keys are typically used when encrypting a session key, verifying a digital signature, or encrypting data that can be decrypted with the corresponding private key. The private key is the secret half of a cryptographic key pair that’s used with a public key algorithm. Private keys are typically used to decrypt a symmetric session key, digitally sign data, or decrypt data that has been encrypted with the corresponding public key."
Am I therefore correct in saying that the steps are:
i. The user certificate is generated using the public key of the PKI + the username
ii. The certificate is digitally signed by the CA
iii. The certificate is deployed to the mobile device
In which case, where does the Private Key (of the user/CA?) fit into all of this?
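An added example, not part of this post, tracing where each private key is used in the flow the quoted text describes: a key pair is generated for the user, the CA signs the binding of the user's public key to the username with the CA's private key, and the device later proves it holds the certificate's private key by signing a challenge. It uses a deliberately tiny textbook-RSA toy and constructed names (`alice`, the helper functions) so it runs on the Python standard library alone; it is not a real PKI.

```python
import hashlib
import random

# Toy textbook RSA with tiny keys: enough to show which key does what, not a real PKI.
def _is_probable_prime(n, rounds=16):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand
def generate_keypair(bits=64):
    """Return (public, private) halves of one key pair: ((n, e), (n, d))."""
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:  # e = 65537 is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, 65537), (p * q, pow(65537, -1, phi))
def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(private_key, data):  # only the holder of the private half can do this
    n, d = private_key
    return pow(_digest(data, n), d, n)
def verify(public_key, data, signature):  # anyone with the public half can check it
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)
def issue_certificate(ca_private, username, user_public):
    """CA step: bind the user's PUBLIC key to the username, signed with the CA's PRIVATE key."""
    tbs = f"CN={username};n={user_public[0]};e={user_public[1]}".encode()
    return {"tbs": tbs, "pub": user_public, "sig": sign(ca_private, tbs)}
def authenticate(cert, ca_public, challenge, response):
    """Relying party: trust the CA's signature on the cert, then check the holder signed the challenge."""
    return verify(ca_public, cert["tbs"], cert["sig"]) and verify(cert["pub"], challenge, response)
```

The CA's private key never leaves the CA and the user's private key never leaves the device; only the two public halves travel in the certificate and chain.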