Applying RSA digital signature in IKE negotiation, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

X509v3 Authority Key Identifier:
    keyid:9D823258 EADFEFA2 4A663E75 F416B6F6 D41EE4FE
X509v3 CRL Distribution Points:
    URI:http://l00192b/CertEnroll/CA%20server.crl
    URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
    CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
    CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
    .0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Signature Algorithm: sha1WithRSAEncryption
    81029589 7BFA1CBD 20023136 B068840B

You can also use some other display commands to view more information about the CA certificate.

Applying RSA digital signature in IKE negotiation

Network requirements

An IPsec tunnel is set up between SecPath A and SecPath B to secure the traffic between Host A on subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.

SecPath A and SecPath B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI certificate system for identity authentication.

As shown in Figure 209, SecPath A and SecPath B use different CAs. They can also use the same CA if required.
