A network appliance may be a computing device (e.g., a desktop computer, a laptop computer, or a router) that communicates with a server via a network. To ensure privacy and security during communication between the network appliance and the server, authentication and verification mechanisms may be used. One such mechanism is known as a public key infrastructure system.
In a public key infrastructure system, a network appliance may send a certificate signing request (CSR) to a certificate authority in order to apply for a signed identity certificate. Before creating a CSR, the network appliance may first generate a key pair (including a public key and a private key), keeping the private key secret. The CSR may contain information identifying the network appliance (e.g., its distinguished name in the case of an X.509 certificate), and the public key generated by the network appliance. If the request is successful (e.g., if the identifying information, credentials and proofs of identity are satisfactory), the certificate authority will send back an identity certificate (also known as a digital certificate, signed certificate, public key certificate, etc.) that has been digitally signed with the private key of the certificate authority. This identity certificate may then be used by the network appliance to authenticate itself to the server and other networked devices that trust the certificate authority.
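The CSR exchange described above, as an added example in Ruby's standard `openssl` library (not code from the original document): the appliance builds a CSR, the certificate authority checks the CSR's self-signature and the claimed name before signing, and the server accepts only a certificate that chains to that authority. The helper names (`sign_cert`, `new_csr`, `issue`, `trusted?`), the names `appliance-01` and `Example CA`, the RSA-2048/SHA-256 choice, and reducing the identity check to a common-name comparison are all assumptions made for the illustration.

```ruby
require "openssl"

# Build and sign an X.509 certificate; issuer_cert == nil means self-signed (the CA root).
def sign_cert(subject, public_key, issuer_cert, issuer_key, serial, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = subject
  cert.issuer = issuer_cert ? issuer_cert.subject : subject
  cert.public_key = public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Appliance side: generate the key pair, keep the private key local, and sign a
# CSR that carries only the distinguished name and the public key.
def new_csr(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new("SHA256"))
  [csr.to_pem, key]
end

# CA side: check the CSR self-signature (proof the requester holds the private
# key) and the claimed identity, then sign with the CA private key.
def issue(csr_pem, expected_cn, ca_cert, ca_key)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, "CSR signature invalid" unless csr.verify(csr.public_key)
  raise ArgumentError, "identity mismatch" unless csr.subject.to_s == "/CN=#{expected_cn}"
  sign_cert(csr.subject, csr.public_key, ca_cert, ca_key, 2)
end

# Server side: accept the appliance only if its certificate chains to the trusted CA.
def trusted?(cert, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert)
end

CA_KEY = OpenSSL::PKey::RSA.new(2048) # constructed throwaway CA for the example
CA_CERT = sign_cert(OpenSSL::X509::Name.parse("/CN=Example CA"), CA_KEY.public_key, nil, CA_KEY, 1, ca: true)
csr_pem, _appliance_key = new_csr("appliance-01")
cert = issue(csr_pem, "appliance-01", CA_CERT, CA_KEY)
puts "issued #{cert.subject}; trusted by server: #{trusted?(cert, CA_CERT)}"
```

The private key never appears in the CSR or the certificate; a CSR whose subject is altered after signing, or whose name differs from the one the authority expects, is refused before anything is signed.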
The identity certificate is often generated as part of activating a new network appliance. In particular, when a user wants to activate a network appliance, the user identifies the network appliance to a back end server, which then triggers the activation of the network appliance upon verifying the identity of the network appliance. If the network appliance identity provided by the user is incorrect, the activation process does not take place.