site to site vpn use dig cer

《site to site vpn use dig cer》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、Site-to-SiteVPN’sUsingDigitalCertificatesProblemsolvedbyCertificatesThemanagementofPre-sharekeysbecomesmoreproblematicasanetworkgrowsincomplexityProblemsolvedbyCertificatesWecannowusetheCertAuthoritytovalidatetheidentityoftheroutersCertificationAuthorityWhatisacertificateCASign

2、atureVerisignSuchacompanyasVerisign,entrustarecompaniesdedicatedtoencryptionanddonothingbutruntrustedauthoritiesieifyouareusingexplorerandgotoawebsiteusingencryption,thenthatsitemusthavebeenvalidatedbyoneofthesecompanieslikeVerisignandbeengivenatrustedcertificate.CAsignatures“h

3、owdoesitwork”VerisignPublicKeyPrivateKeyCertificationAuthorityPublicKeyPublicKeyInternetexplorerPrivateKeyPublicDomainPublicKeyVerisignYesIcantrustthiscertificateCertificationAuthorityRTARTAPrivateKeyPublicKeyPublicKeyVerisignCAsignatures“howdoesitwork”XYZGenerateRSAkeysCAsigna

4、tures“howdoesitwork”IwanttosetaVPNwithyouHere’smycertificateVerisignZZZXXXPublicKeyCanItrustthiscertificatePublicKeyYesIcanWhoamItalkingtoRTARTAProblemsolvedbyCertificatesWecannowusetheCertAuthoritytovalidatetheidentityoftheroutersCertificationAuthoritySimpleCertificateEnrolmen

5、tProtocolSCEPistheprotocolusedtoautomatetheprocessofgettingcertificatesontodevices.Therearetwomodeswecanuse:ManualPreshareEntrustVerisignWindows2000CertificateauthoritiesrouterstrustTheRouterenrolmentprocessCertificationAuthority2.RequesttheAuthoritiescertificateCanIhaveyourcer

6、tificateYeshereitis1.GenerateapairofkeysRSAKeys3.DecidewhethertoacceptthecertificateAssumeyoudoStoretheCA’scertificateNowyourequestanIdentitycertificateAgainifyouacceptthiscertificateitwillbestoredinNVRAMandbeusedwhencreatingVPN’sCertificateStandardsPublickeycryptographystandar

7、d(PKCS)#7ThisisthestandardusedforsigningthesecertificatesPublickeycryptographystandard(PKCS)#10ThisisthestandardforrequestingthecertificatesRivestShamirAdleman(RSA)KeysX509CertificatesThisthecertificateitself,thesignedcertificateConfigureCASupportonaCiscoRouterPlanthecertificat

8、edVPNThecertificationProcessCiscoIOSSoftwareCAConfigur