
ACE certificates/Keys

gkuchera
Level 1

Another nagging question..

Why is it that when I install and verify a certificate/key combination on an ACE appliance running 1.7(a), sometimes I can't see the certificates in the web UI, and I can't ever see the keys?

-Geoff

Note: it doesn't seem to matter how I install the key/certificate, and they do verify with each other.

1 Reply

Not applicable

Without digital certificates, you must manually configure each IPSec peer for every peer with which it communicates, and every new peer you add to a network would thus require a configuration change on every peer with which you need it to communicate securely.

When you use digital certificates, each peer is enrolled with a CA. When two peers attempt to communicate, they exchange certificates and digitally sign data to authenticate each other. When a new peer is added to the network, you enroll that peer with a CA and none of the other peers need modification. When the new peer attempts an IPSec connection, certificates are automatically exchanged and the peer can be authenticated.

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/certs.html