ACE certificates/Keys

Unanswered Question
May 19th, 2008

Another nagging question..

Why is it that when I install and verify a certificate/key combination on an ACE appliance running 1.7(a) that sometimes I can't see the certificates in the web UI, and I can't ever see the keys?

-Geoff

Note: it doesn't seem to matter how I install the key/certificate, and they do verify with each other.

Anonymous (not verified) Fri, 05/23/2008 - 07:03

Without digital certificates, you must manually configure each IPSec peer for every peer with which it communicates, and every new peer you add to a network would thus require a configuration change on every peer with which you need it to communicate securely.

When you use digital certificates, each peer is enrolled with a CA. When two peers attempt to communicate, they exchange certificates and digitally sign data to authenticate each other. When a new peer is added to the network, you enroll that peer with a CA and none of the other peers need modification. When the new peer attempts an IPSec connection, certificates are automatically exchanged and the peer can be authenticated.

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/certs.html
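The enrollment and authentication flow described in the reply above, as an added example that is not part of the original post or of Cisco's documentation. It uses the `openssl` command line as a stand-in for the IKE certificate exchange; the helper names (`make_ca`, `enroll_peer`, `sign_challenge`, `authenticate_peer`), subjects and file names are made up for the demo.

```shell
#!/bin/sh
# Added example: every name, subject and path below is constructed for the demo.

# Create a throwaway CA (key + self-signed certificate) in directory $1.
make_ca() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Enroll peer $2 with the CA in directory $1: new key, CSR, CA-signed certificate.
enroll_peer() {
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# Sign challenge file $2 with private key $1, writing the signature to $3.
sign_challenge() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# What a verifying peer does with only the CA certificate ($1) configured:
# chain the presented certificate ($2) to the CA, then check the signature ($4)
# over the challenge ($3) with the public key taken from that certificate.
authenticate_peer() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -pubkey > "$2.pub" || return 1
    openssl dgst -sha256 -verify "$2.pub" -signature "$4" "$3" >/dev/null 2>&1
}

# Demo run: peerB is enrolled after peerA exists; nothing held by peerA changes.
d=$(mktemp -d) && make_ca "$d" && enroll_peer "$d" peerA && enroll_peer "$d" peerB
printf 'constructed-nonce' > "$d/challenge"
sign_challenge "$d/peerB.key" "$d/challenge" "$d/peerB.sig"
authenticate_peer "$d/ca.crt" "$d/peerB.crt" "$d/challenge" "$d/peerB.sig" &&
    echo "peerB authenticated using only ca.crt"
rm -rf "$d"
```

The verifying side needs only `ca.crt`; a certificate issued by a different CA, or a signature made with a key that does not match the presented certificate, makes `authenticate_peer` return non-zero.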
