258
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
…
You can also use some other display command, for example, the display pki certificate ca
domain command, to display more information about the CA certificate.
IKE negotiation with RSA digital signature
Network requirements
An IPsec tunnel is set up between Router A and Router B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
Router A and Router B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI
certificate system for identity authentication. Router A and Router B use the same CA.
Figure 74 Network diagram
Configuration procedure
1. Configure Router A:
# Configure the entity DN.
<RouterA> system-view
[RouterA] pki entity en
To Next Page
Loading...
Need help?
General
