Router Enrollment And Revocation - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual


Some Enrollment Scenarios

Router Enrollment and Revocation

Cisco routers support the use of certificates for authentication, encryption, and
tamper detection with the IP Security (IPSec) protocol. Cisco routers also support
CEP for certificate life-cycle management, as discussed in the previous section.
The following steps describe how two routers can use a Certificate Manager to
enroll in a PKI and what happens when a router's certificate is revoked. These
steps are shown in Figure 2-7.
1. Enroll in PKI. The routers each send a certificate request to the Certificate
   Manager via CEP, and the Certificate Manager issues them certificates. (Any of
   the authentication methods discussed in the previous section can be used
   during enrollment to authenticate the client.)
2. Publish certificates. As part of the issuing process, the Certificate Manager
   publishes the certificates to the directory. (Publishing occurs only if the router's
   DN exists in the publishing directory. This is important for some Cisco routers
   that must fetch their certificates from an LDAP directory because flash memory
   is not large enough to hold them.) The routers can now authenticate each other
   and establish an encrypted channel using IPSec. All TCP/IP communication
   passes through this encrypted channel. From the point of view of other
   connections to each router, they all appear to be sharing the same TCP/IP
   network.
3. Revoke a certificate. After some time has passed, the Certificate Manager
   agent revokes one of the certificates (for example, after the certificate owner
   leaves the company).
4. Publish CRL. The Certificate Manager publishes the CRL to the directory.
5. Verify certificate. The routers check the CRL as part of their mutual
   authentication process. Certificates listed in the CRL are not authenticated, and
   routers presenting them cannot establish a connection.
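
The five steps above as a small runnable model, added here as an illustration and not taken from the manual or from any Certificate Management System or Cisco code. It shows that a certificate is published only when the router's DN entry already exists, and that a revoked router is rejected only once the CRL has been published in step 4. Assumptions: an HMAC tag stands in for the CA's X.509 signature, a dict stands in for the LDAP directory, every name and DN is constructed, and a router that finds no published CRL rejects the peer.

```python
import hashlib
import hmac
from itertools import count


class CertificateManager:
    """Toy CA: an HMAC tag stands in for the X.509 signature (assumption)."""

    def __init__(self, directory):
        self._key = b"constructed-demo-ca-key"
        self._serials = count(1)
        self._revoked = set()
        self.directory = directory  # stands in for the LDAP publishing directory

    def sign(self, dn, serial):
        return hmac.new(self._key, f"{dn}|{serial}".encode(), hashlib.sha256).hexdigest()

    def enroll(self, dn):  # steps 1-2: issue, publish only if the DN entry exists
        serial = next(self._serials)
        cert = {"dn": dn, "serial": serial, "sig": self.sign(dn, serial)}
        if dn in self.directory["entries"]:
            self.directory["entries"][dn] = cert
        return cert

    def revoke(self, cert):  # step 3: recorded at the Certificate Manager only
        self._revoked.add(cert["serial"])

    def publish_crl(self):  # step 4: routers only ever see this published copy
        self.directory["crl"] = frozenset(self._revoked)


def authenticate_peer(cm, directory, cert):  # step 5
    crl = directory["crl"]  # assumption: no published CRL means reject (fail closed)
    sig_ok = hmac.compare_digest(cert["sig"], cm.sign(cert["dn"], cert["serial"]))
    return crl is not None and sig_ok and cert["serial"] not in crl


def run_scenario():
    directory = {"entries": {"cn=router-a": None}, "crl": None}  # constructed data
    cm = CertificateManager(directory)
    a, b = cm.enroll("cn=router-a"), cm.enroll("cn=router-b")
    cm.publish_crl()
    results = {"b_published": "cn=router-b" in directory["entries"],
               "before_revocation": authenticate_peer(cm, directory, b)}
    cm.revoke(b)
    results["revoked_not_yet_published"] = authenticate_peer(cm, directory, b)
    cm.publish_crl()
    results["after_crl_published"] = authenticate_peer(cm, directory, b)
    results["router_a"] = authenticate_peer(cm, directory, a)
    return results
```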
Netscape Certificate Management System Installation and Setup Guide • March 2002
