On Fri, Feb 11, 2000 at 04:43:48PM -0800, [EMAIL PROTECTED] wrote:
> 
> I'm configuring a few Cisco routers to do IKE for our VPNs. Works great
> with pre-shared keys, but for scalability purposes I'd like to use
> certificates, which requires the use of a CA. But the Ciscos store keys
> and certificates in a format I'm not familiar with and was wondering if
> anyone had any idea.

> Date: Mon, 31 Jan 2000 21:23:59 -0800
> From: John Muller <[EMAIL PROTECTED]>
> 
> Cisco Systems announces open Simple Certificate Enrollment Protocol
> to support the secure issuance of digital certificates to network
> devices and users
> http://www.cisco.com/warp/public/cc/cisco/mkt/security/tech/scep_wp.htm

In short, Ciscos are required to store private keys and are supposed
to fetch certs and CRLs from the CA with an LDAP or SCEP query.

> Here's an example certificate grabbed from
> 
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/scinter.htm
> certificate ca 3051DF7169BEE31B821DFE4B3A338E5F

I believe this is the MD5 of the (whole) CA cert.

>   30820182 3082012C A0030201 02021030 51DF7169 BEE31B82 1DFE4B3A 338E5F30 

Is asn1parse capable of BER-decoding? It may be the "PKI message" from clause 3.2.

>   ...
>   B1D2F817 3F7B
>   quit

What is this "quit"?

Hope that helps a bit,
Vadim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
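
Added example (not part of the original message, and not Cisco or OpenSSL code): the hex words of the quoted dump can be joined into DER bytes and the leading X.509 fields read directly. The input is only the single hex line quoted above, so the walk stops at the serial number; the function names are this example's own.

```python
# Added example: decode the leading DER fields of the hex dump quoted above.
# Input is the single line shown in the post; the rest of the dump is elided there.
QUOTED_LINE = "30820182 3082012C A0030201 02021030 51DF7169 BEE31B82 1DFE4B3A 338E5F30"
CA_LINE_ID = "3051DF7169BEE31B821DFE4B3A338E5F"  # from the "certificate ca" line

def hex_words_to_bytes(text):
    """Join whitespace-separated hex words into raw bytes."""
    return bytes.fromhex("".join(text.split()))

def read_tlv(buf, pos):
    """Return (tag, length, value_offset) for the DER TLV header at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, first, pos
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def leading_fields(der):
    """Walk Certificate -> tbsCertificate -> version -> serialNumber."""
    tag, cert_len, pos = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total_len = pos + cert_len            # header plus body of the whole cert
    tag, tbs_len, pos = read_tlv(der, pos)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    version = 1                           # default when the [0] field is absent
    tag, length, val = read_tlv(der, pos)
    if tag == 0xA0:                       # [0] EXPLICIT wrapping an INTEGER
        itag, ilen, ival = read_tlv(der, val)
        if itag != 0x02:
            raise ValueError("version is not an INTEGER")
        version = int.from_bytes(der[ival:ival + ilen], "big") + 1
        tag, length, val = read_tlv(der, val + length)
    if tag != 0x02 or val + length > len(der):
        raise ValueError("serialNumber missing or truncated")
    serial = der[val:val + length].hex().upper()
    return {"total_len": total_len, "tbs_len": tbs_len,
            "version": version, "serial": serial}

if __name__ == "__main__":
    fields = leading_fields(hex_words_to_bytes(QUOTED_LINE))
    print(fields, "serial equals 'certificate ca' id:", fields["serial"] == CA_LINE_ID)
```

With the complete dump, the output of hex_words_to_bytes can be written to a file and read with `openssl asn1parse -inform DER -in <file>`.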
