Applying rsa digital signature in ike negotiation, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 331
319
X509v3 Authority Key Identifier:
keyid:9D823258 EADFEFA2 4A663E75 F416B6F6 D41EE4FE
X509v3 CRL Distribution Points:
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Signature Algorithm: sha1WithRSAEncryption
81029589 7BFA1CBD 20023136 B068840B
…
You can also use some other display commands to view more information about the CA certificate.
Applying RSA digital signature in IKE negotiation
Network requirements
•
An IPsec tunnel is set up between SecPath A and SecPath B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
•
SecPath A and SecPath B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI
certificate system for identity authentication.
•
As shown in
, SecPath A and SecPath B use different CAs. They might also use the same
CA as required.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS