RE: CA in IPSec

From: Asbjorn Hojmark (Asbjorn@xxxxxxxxxxx)
Date: Thu Sep 21 2000 - 19:09:34 GMT-3

• Next message: Asbjorn Hojmark: "RE: The 2948G-L3"
• Previous message: Asbjorn Hojmark: "RE: ags+ question"
• Maybe in reply to: Jim Bond: "CA in IPSec"
• Next in thread: Horvath, Russell: "RE: CA in IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
> We will secure by having the root CA off-line and walking
> the ROOT Cert to the RA. Also, the CA cert will remain
> pending until the security admin issues it to the router.

You should note that IOS currently doesn't currently support
cert chaining (subordinate CAs). I learned this the hard way.

TAC tells me, however, that DE is testing two-level hierar-
chies and that they expect it to ship with 12.1(4)T or maybe
first with 12.2.

HTH,
-A

--
Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
Links : http://www.hojmark.org/networking/

• Next message: Asbjorn Hojmark: "RE: The 2948G-L3"
• Previous message: Asbjorn Hojmark: "RE: ags+ question"
• Maybe in reply to: Jim Bond: "CA in IPSec"
• Next in thread: Horvath, Russell: "RE: CA in IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:00 GMT-3