Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Which CA for Cisco IOS VPN PKI

Hi,

I am currently doing some testing to figure out an optimal solution for providing a PKI for multiple customer VPNs (IKE authentication).

I would like to implement

- SCEP for enrollment

- manual admin permission for first enrollment

- automatic re-enrollment in case a certificate times out (without any manual admin approval)

- automatic renewal of CA certificate

- Certificate Revocation Mechanism for all VPN peers (required for full mesh VPNs)

So far I have tested

- Cisco IOS CA - works like a charm - unsure about scalability, manageability and multi-customer support

- Windows 2008 CA - real pain to work with, couldn't get all requirements implemented unitl now

What would you recommend?

Everyone's tags (3)
2 REPLIES
Cisco Employee

Which CA for Cisco IOS VPN PKI

Can't say whether it will meet all your requirments but check also http://www.ejbca.org/

New Member

Which CA for Cisco IOS VPN PKI

Thanks!

I already heard of ejbca and its SCEP capability. This will be the next on the list to try if no other proposals sound better.

148
Views
5
Helpful
2
Replies