1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Software
  5. JUNOSE 11.0.X IP SERVICES
  6. Configuration manual

Ike Authentication With Digital Certificates; Signature Authentication - Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual

For e series broadband services routers - ip services configuration
Hide thumbs
Table of Contents

Advertisement

For more information about IPSec and IKE, see "Configuring IPSec" on page 125.

IKE Authentication with Digital Certificates

As part of the IKE protocol, one security gateway needs to authenticate another
security gateway to make sure that IKE SAs are established with the intended party.
The router supports two authentication methods:
The following sections provide information about digital certificates. For information
about using preshared keys, see "IKE Overview" on page 140.
You can also use public keys for RSA authentication without having to obtain a digital
certificate. For details, see "IKE Authentication Using Public Keys Without Digital
Certificates" on page 220 .

Signature Authentication

The following are key steps for using public key cryptography to authenticate a peer.
These steps are described in more detail in the following sections.
1.
2.
RFC 2409 The Internet Key Exchange (IKE) (November 1998)
RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile
(January 1999)
RFC 2986 PKCS #10: Certification Request Syntax Specification Version 1.7
(November 2000)
RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile (April 2002)
RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
Specifications Version 2.1 (February 2003)
Digital certificates (using RSA algorithms)
For digital certificate authentication, an initiator signs message interchange data
using his private key, and a responder uses the initiator's public key to verify
the signature. Typically, the public key is exchanged via messages containing
an X.509v3 certificate. This certificate provides a level of assurance that a peer's
identity as represented in the certificate is associated with a particular public
key. E Series Broadband Services Routers provide both an offline (manual) and
an online (automatic) process when using digital certificates.
Preshared keys
With preshared key authentication, the same secret must be configured on both
security gateways before the gateways can authenticate each other.
Generating a private/public key pair
Before the router can place a digital signature on messages, it requires a private
key to sign, and requires a public key so that message receivers can verify the
signature.
Obtaining a root CA certificate
Chapter 8: Configuring Digital Certificates
IKE Authentication with Digital Certificates
215

Advertisement

Table of Contents
loading

Related Manuals for Juniper JUNOSE 11.0.X IP SERVICES

Related Content for Juniper JUNOSE 11.0.X IP SERVICES

This manual is also suitable for:

Junose 11.0.x

Table of Contents