I'm running a PKI network and I have a question about the public CA certificate.
My CA certificate has a lifetime of 2 years. All the certificates generated by the CA server have a 1-year lifetime and they re-enroll at 70% of that lifetime. What's the impact of the CA certificate expiring or of the CA certificate regeneration? I found that when a spoke re-enrolls its certificate, it won't be able to do this if the generated certificate lifetime is greater than the remaining CA certificate lifetime.
Does someone have documentation about that, or has someone experienced the same problem?
Certificate enrollment, which is the process of obtaining a certificate from a certification authority (CA), occurs between the end host requesting the certificate and the CA. Each peer that participates in the public key infrastructure (PKI) must enroll with a CA. For more information on this kindly follow the url,
But my Certification Authority (CA) has a public certificate that is used by the authentication process of my spoke. And that public certificate has an expiration date. I want to know the impact of renewing this public certificate?
But I'll read your PDF to see if I can find something interesting.
I recently received information about a hidden command (auto-rollover) that was introduced in IOS 12.4.
But you must have IOS 12.4 on both sides (CA server and customer side).
The CA can generate a new root certificate and a new key pair a [period of time] before the expiration of its old certificate. The new certificate and key pair will be stored for new SCEP requests and SCEP re-enrollment requests and will take effect on the date of the expiration.
I won't be able to check if it will work because I don't have IOS 12.4 on my spoke routers.
I'll probably use a temporary PSK policy during the time that I start a new PKI architecture with a higher lifetime value.
But thank you very much.
P.S. I don't know if you can use a part of that feature with MS-CA.
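The timeline from the original question, worked through as an added example that is not part of any post in this thread. It assumes, as the poster observed, that an enrollment is refused when the requested certificate would outlive the CA certificate, and that the spoke first enrolls on the day the CA certificate is issued; the function names and the start date are constructed.

```python
from datetime import datetime, timedelta

CA_START = datetime(2024, 1, 1)   # constructed date, not from the thread


def renewal_timeline(ca_start, ca_days, cert_days, renew_pct, first_enroll):
    """Walk a spoke's enrollments until one no longer fits inside the CA lifetime.

    Returns a list of (enroll_time, requested_not_after, fits_inside_ca).
    Assumption (poster's observation): the CA refuses a certificate whose
    notAfter would be later than the CA certificate's own notAfter.
    """
    ca_not_after = ca_start + timedelta(days=ca_days)
    events = []
    enroll = first_enroll
    while enroll < ca_not_after:
        not_after = enroll + timedelta(days=cert_days)
        fits = not_after <= ca_not_after
        events.append((enroll, not_after, fits))
        if not fits:
            break  # this re-enrollment is the one that fails
        # next re-enrollment happens at renew_pct of the certificate lifetime
        enroll += timedelta(days=cert_days * renew_pct / 100)
    return events


def rollover_lead(events, ca_not_after):
    """How long before CA expiry the first failing enrollment occurs.

    A replacement CA certificate has to be available at least this early
    for this spoke; returns None if every enrollment fits.
    """
    for enroll, _not_after, fits in events:
        if not fits:
            return ca_not_after - enroll
    return None


if __name__ == "__main__":
    # Values from the question: 2-year CA, 1-year certificates, re-enroll at 70%.
    ca_end = CA_START + timedelta(days=730)
    timeline = renewal_timeline(CA_START, 730, 365, 70, CA_START)
    for enroll, not_after, fits in timeline:
        day = (enroll - CA_START).total_seconds() / 86400
        print(f"day {day:6.1f}: requested notAfter {not_after:%Y-%m-%d} "
              f"{'OK' if fits else 'exceeds CA lifetime'}")
    print("replacement CA certificate needed", rollover_lead(timeline, ca_end),
          "before CA expiry")
```

Under the same assumption, a spoke that enrolls for the first time later in the CA's life hits the limit sooner: any request made less than one certificate lifetime before the CA expires does not fit.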