Conceptual working of digital certificates in IPsec
Hi everyone, I need your help once again. I read about digital signatures; it said that the router, while sending the PKCS #10 (the certificate request form), first hashes the form and encrypts the hash using its private key, and this encrypted hash, called the digital signature, is attached to the original message or form. The form contains the public key in it. The CA gets the form, verifies the signature by decrypting the signature using the router's public key from the form, and hashes the form once again to compare the hash values to verify that the data was not tampered with along the path. The Cisco IOS book says that the router sends an unsigned certificate to the CA, and the CA computes a hash of the message and encrypts the hash with its own private key. This encrypted hash is called the digital signature. The CA attaches this signature to the certificate; this certificate is called the identity certificate for the router. I just want to know which is the right one. All your inputs are highly appreciated.
Re: Conceptual working of digital certificates in IPsec
I feel the second part is the right procedure. The router sends an unsigned certificate to the CA. This has the details of the router such as name, IP address, etc. The CA verifies the certificate, then hashes the content of the certificate and encrypts the hash using its (the CA's) private key. This encryption using its private key means that the CA has digitally signed the certificate. This is sent back to the router. The router can present this certificate, now digitally signed by the CA, to its peers for authentication.
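Added example, not part of either post and not Cisco's code: a Go program using only the standard library that exercises both signatures discussed in this thread, the router's signature on the PKCS #10 request (checked with the public key carried inside the request) and the CA's signature on the issued identity certificate (checked with the CA's public key). The names `Lab-CA` and `router1.example`, the ECDSA P-256 keys and the `Enroll` and `must` functions are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Enroll runs one enrollment with constructed names ("Lab-CA", "router1.example").
func Enroll() (csrOK, tamperedRejected, certOK bool) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	routerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Lab-CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))

	// Router: the PKCS#10 request carries the public key and is signed with the router's private key.
	reqTmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "router1.example"}}
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, reqTmpl, routerKey))
	csr := must(x509.ParseCertificateRequest(csrDER))
	csrOK = csr.CheckSignature() == nil // the CA checks it with the public key inside the request
	// A request altered in transit (one subject byte changed) must fail that check.
	bad := bytes.Replace(csrDER, []byte("router1"), []byte("routerX"), 1)
	badCSR, err := x509.ParseCertificateRequest(bad)
	tamperedRejected = err != nil || badCSR.CheckSignature() != nil

	// CA: builds the identity certificate from the request and signs it with the CA private key.
	idTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature}
	idCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, idTmpl, caCert, csr.PublicKey, caKey))))
	certOK = idCert.CheckSignatureFrom(caCert) == nil // peers check it with the CA public key
	return
}

func main() { fmt.Println(Enroll()) }
```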