> One other thing to note, we are still unsuccessfull in
> getting certs from Microsoft to the PIX. According to
> CCO it will only work with entrust and Verisign.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn5
21.htm#xtocid1335820
HTH,
-A
--
Heroes: Vint Cerf & Bob Kah
gt;
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Jason1'"
<[EMAIL PROTECTED]>; "'Jim Bond'" <[EMAIL PROTECTED]>
Sent: Friday, September 22, 2000 3:45 AM
Subject: Re: CA in IPSec
> One other thing to note, we are still unsuccessfull in
'Chris Larson'
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Jason1'; 'Jim Bond'
> Subject: RE: CA in IPSec
>
> > We will secure by having the root CA off-line and walking
> > the ROOT Cert to the RA. Also, the CA cert will remain
> >
> We will secure by having the root CA off-line and walking
> the ROOT Cert to the RA. Also, the CA cert will remain
> pending until the security admin issues it to the router.
You should note that IOS currently doesn't currently support
cert chaining (subordinate CAs). I learned this the hard wa
: "Jason1" <[EMAIL PROTECTED]>
To: "Chris Larson" <[EMAIL PROTECTED]>; "Jim Bond" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 20, 2000 5:31 PM
Subject: Re: CA in IPSec
> I don't thin
TED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 20, 2000 5:47 AM
Subject: Re: CA in IPSec
> Microsoft Advance Server has a CA and the resource kit has the SCEP
(simple
> cert enrollment protocol) developed by Cisco. You can use this as a root
CA
> for your orginaztion (or outsi
Microsoft Advance Server has a CA and the resource kit has the SCEP (simple
cert enrollment protocol) developed by Cisco. You can use this as a root CA
for your orginaztion (or outside your enterprise) to issue certificates to
the routers, the Cisco VPN client and the 2000 boxes
- Original M
7 matches
Mail list logo