Cisco Support Community

Conceptual working of digital certificates in IPsec

Hi everyone, I need your help once again. I read about digital signatures; it said that the router, while sending the PKCS #10 (the certificate request form), first hashes the form and encrypts the hash using its private key, and this encrypted hash, called the digital signature, is attached to the original message or form. The form contains the public key in it. The CA gets the form, verifies the signature by decrypting the signature using the router's public key from the form, and hashes the form once again to compare the hash values, to verify that the data was not tampered with along the path.

The Cisco IOS book says that the router sends an unsigned certificate to the CA, and the CA computes a hash of the message and encrypts the hash with its own private key. This encrypted hash is called the digital signature. The CA attaches this signature to the certificate; this certificate is called the identity certificate for the router.

I just want to know which is the right one. All your inputs are highly appreciated.



Re: Conceptual working of digital certificates in IPsec

I feel the second part is the right procedure. The router sends an unsigned certificate to the CA. This has the details of the router such as name, IP address, etc. The CA verifies the certificate, then hashes the content of the certificate and encrypts the hash using its (the CA's) private key. This encryption using its private key means that the CA has digitally signed the certificate. This is sent back to the router. The router can present this certificate, now digitally signed by the CA, to its peers for authentication.
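
As an added illustration (not part of the thread and not Cisco code), the sketch below walks through both signatures described in the two posts: the router signing its PKCS #10 request with its own private key, and the CA signing the issued identity certificate with the CA's private key. It assumes textbook RSA over SHA-256 with constructed toy keys and a made-up `subject=...;pubkey=...` request format; every function name is hypothetical, and real enrollment uses padded signatures and ASN.1 encoding.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Return (n, d) for textbook RSA. Toy key sizes, no padding: illustration only."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # SHA-256 of the data, reduced so it fits under the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    # "Hash the form and encrypt the hash with the private key"
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    # "Decrypt the signature with the public key and compare with a fresh hash"
    return pow(sig, E, n) == digest(data, n)

# Constructed keys built from known Mersenne primes (assumption, not from the thread)
ROUTER_N, ROUTER_D = make_key(2**61 - 1, 2**89 - 1)
CA_N, CA_D = make_key(2**107 - 1, 2**127 - 1)

def build_csr(subject):
    """Router side: the request carries the public key and is signed with the matching private key."""
    body = f"subject={subject};pubkey={ROUTER_N}".encode()
    return body, sign(body, ROUTER_N, ROUTER_D)

def ca_issue(csr_body, csr_sig):
    """CA side: check the request against the enclosed public key, then sign the certificate."""
    fields = dict(f.split("=", 1) for f in csr_body.decode().split(";"))
    if not verify(csr_body, csr_sig, int(fields["pubkey"])):
        raise ValueError("CSR signature does not match the enclosed public key")
    cert_body = csr_body + b";issuer=toy-ca"
    return cert_body, sign(cert_body, CA_N, CA_D)

def peer_accepts(cert_body, cert_sig):
    """IPsec peer side: only the CA's public key is needed to check the certificate."""
    return verify(cert_body, cert_sig, CA_N)

if __name__ == "__main__":
    csr = build_csr("router1.example.com")
    cert = ca_issue(*csr)
    print("peer accepts certificate:", peer_accepts(*cert))
```

The signature on the request only shows that the requester holds the private key matching the enclosed public key; the signature a peer checks during authentication is the CA's.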