also use some other display commands to view more information about the CA certificate. For more
information about display pki certificate ca domain, see Security Command Reference.
Authority Information Access:
    CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
    CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
    .0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Applying RSA digital signature in IKE negotiation
Network requirements
• An IPsec tunnel is set up between Router A and Router B to secure the traffic between Host A on subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
• Router A and Router B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI certificate system for identity authentication.
• As shown in Figure 88, Router A and Router B use different CAs. They might also use the same CA as required.
Figure 88 Apply RSA digital signature in IKE negotiation
[Network diagram; labels recovered from the figure:]
PKI certificate system
CA 1: 1.1.1.101/32
RA 1: 1.1.1.100/32
LDAP 1: 1.1.1.102/32
CA 2: 2.1.1.101/32
RA 2: 2.1.1.100/32
LDAP 2: 2.1.1.102/32
Router A: GE1/0/1 10.1.1.1/24, S2/0/1 2.2.2.1/24
Router B: S2/0/1 3.3.3.1/24, GE1/0/1 11.1.1.1/24
Host A: 10.1.1.2/24
Host B: 11.1.1.2/24
Internet