[svc]cisco ipsec使用证书认证

最新推荐文章于 2023-09-21 15:00:32 发布
最新推荐文章于 2023-09-21 15:00:32 发布
阅读量2k 收藏 7
点赞数

基础配置

806469-20171224151659006-609527021.png

用的c7200-adventerprisek9-mz.151-4.M2.bin

- R1
conf t
int f0/0
ip add 202.100.1.1 255.255.255.0
no shu 
int l0
ip add 1.1.1.1 255.255.255.0


- R2
conf t
int f0/0
ip add 202.100.1.2 255.255.255.0
no shu 
int l0
ip add 2.2.2.2 255.255.255.0


- CA server
hostname CA
conf t
int f0/0
ip add 202.100.1.100 255.255.255.0
no shu 
int l0
ip add 100.100.100.100 255.255.255.0


- R1
ip route 0.0.0.0 0.0.0.0 202.100.1.2

-R2
ip route 0.0.0.0 0.0.0.0 202.100.1.1

- 设置时间-3台
conf t
clock timezone GMT +8

clock set 22:00:00 Dec 24 2017
show clock

cisco router架设ca服务器

conf t
ip http server
ip domain name maotai.com
crypto pki server CA
issuer-name cn=CA.maotai.com,ou=maotaisec,o=maotai,l=beijing,c=cn,e=admin@maotai.com
lifetime certificate 180
no shu

- 查看根证书(自签名证书)
show crypto pki server

r1 2生成公私钥对

conf t
crypto key generate rsa modulus 1024 label R1-key
crypto key generate rsa modulus 1024 label R2-key

r1使用sepc协议在线申请证书

- 填写到证书服务器的地址和自己的信息
crypto pki trustpoint CA
 enrollment url http://202.100.1.100:80
 subject-name cn=R1.maotai.com,ou=maotaisec,o=maotai
 revocation-check crl
- 开始提交申请

1,通过secp协议联系到了证书服务器
2,将Ca证书下载到了本地
3,将Ca证书做了hash

R1(config)#crypto pki authenticate CA #回车做了已上三件事
Certificate has the following attributes:
       Fingerprint MD5: A76CA339 2E96CB3A 57B6F963 80D53D04 
      Fingerprint SHA1: E7128D47 37C013DB A634A016 1BD2B674 0BE48333
此时应该将ca证书的hash发给ca管理员,去核对ca证书是否是真实的. 确认后yes

- R1收到了根证书, 查看根证书
R1#show crypto pki certificates 
CA Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: Signature
  Issuer: 
    cn=CA.maotai.com
    ou=maotaisec
    o=maotai
    l=beijing
    c=cn
    e=admin@maotai.com
  Subject: 
    cn=CA.maotai.com
    ou=maotaisec
    o=maotai
    l=beijing
    c=cn
    e=admin@maotai.com
  Validity Date: 
    start date: 22:02:23 GMT Dec 24 2017
    end   date: 22:02:23 GMT Dec 23 2020
  Associated Trustpoints: CA

3

R2操作获取CA证书-通过离线方式(不通过在线sepc协议)

crypto key generate rsa modulus 1024 label R2-key
- r2填写信息
crypto pki trustpoint CA
 enrollment terminal
 subject-name cn=R2.maotai.com,ou=maotaisec,o=maotai
 revocation-check none


- ca导出ca证书 发给r2
R3(config)#crypto pki export CA pem terminal 
% The specified trustpoint is not enrolled (CA).
% Only export the CA certificate in PEM format.
% CA certificate:
-----BEGIN CERTIFICATE-----
MIIC0zCCAjygAwIBAgIBATANBgkqhkiG9w0BAQQFADB9MR8wHQYJKoZIhvcNAQkB
FhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQMA4GA1UEBxMHYmVpamlu
ZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlzZWMxFjAUBgNVBAMT
DUNBLm1hb3RhaS5jb20wHhcNMTcxMjI0MTQwMjIzWhcNMjAxMjIzMTQwMjIzWjB9
MR8wHQYJKoZIhvcNAQkBFhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQ
MA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90
YWlzZWMxFjAUBgNVBAMTDUNBLm1hb3RhaS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAOA2917GGO8huAJ9uxfxCjlEEG3y4GyGF+oEl5tuCpWA0LncOOiI
C9l5QrheebQ/lX4bEej1ZEtfQd8IHJf/3s4VC3t0tqG0GoXIF0ESFVB8WKVQ8jam
xV5h4GHH2P3hQdaz/4lNtwxoutoHMRV2bcJXLLXDIBpx1ajp3hM2dzOvAgMBAAGj
YzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaA
FBg3p/6/o/qljWcZRgBBqOtRjDXKMB0GA1UdDgQWBBQYN6f+v6P6pY1nGUYAQajr
UYw1yjANBgkqhkiG9w0BAQQFAAOBgQDGu/cxyC7uKxucQgn+vTc943O1M9mIrMn1
BMvRRYr1E9r0wtxPhfxqj6Op0A8rsvg0Y5Gufi3ePwOLOOqBAMJwb3ZfgYGLTTsv
xbLusphV3km6ooWYXWXrNqkNfJaIuZlzFdPVjc4GIVHZ/A9KPILTkB/HYZ8S2goF
JLDTdVgxgg==
-----END CERTIFICATE-----



- R2导入ca证书
R2(config)#crypto pki authenticate CA

Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself

-----BEGIN CERTIFICATE-----
MIIC0zCCAjygAwIBAgIBATANBgkqhkiG9w0BAQQFADB9MR8wHQYJKoZIhvcNAQkB
FhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQMA4GA1UEBxMHYmVpamlu
ZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlzZWMxFjAUBgNVBAMT
DUNBLm1hb3RhaS5jb20wHhcNMTcxMjI0MTQwMjIzWhcNMjAxMjIzMTQwMjIzWjB9
MR8wHQYJKoZIhvcNAQkBFhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQ
MA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90
YWlzZWMxFjAUBgNVBAMTDUNBLm1hb3RhaS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAOA2917GGO8huAJ9uxfxCjlEEG3y4GyGF+oEl5tuCpWA0LncOOiI
C9l5QrheebQ/lX4bEej1ZEtfQd8IHJf/3s4VC3t0tqG0GoXIF0ESFVB8WKVQ8jam
xV5h4GHH2P3hQdaz/4lNtwxoutoHMRV2bcJXLLXDIBpx1ajp3hM2dzOvAgMBAAGj
YzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaA
FBg3p/6/o/qljWcZRgBBqOtRjDXKMB0GA1UdDgQWBBQYN6f+v6P6pY1nGUYAQajr
UYw1yjANBgkqhkiG9w0BAQQFAAOBgQDGu/cxyC7uKxucQgn+vTc943O1M9mIrMn1
BMvRRYr1E9r0wtxPhfxqj6Op0A8rsvg0Y5Gufi3ePwOLOOqBAMJwb3ZfgYGLTTsv
xbLusphV3km6ooWYXWXrNqkNfJaIuZlzFdPVjc4GIVHZ/A9KPILTkB/HYZ8S2goF
JLDTdVgxgg==
-----END CERTIFICATE-----

Certificate has the following attributes:
       Fingerprint MD5: A76CA339 2E96CB3A 57B6F963 80D53D04 
      Fingerprint SHA1: E7128D47 37C013DB A634A016 1BD2B674 0BE48333
% Do you accept this certificate? [yes/no]:

r1开始申请证书

R1(config)#crypto pki enroll CA
Dec 24 14:19:57.251: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 7D4A4E77 273B7C8F 17474A9A 32F6E9FB 
Dec 24 14:19:57.255: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 73F0386E F104BD45 13103E06 0BB3ABE3 69B5C22A

- ca颁发证书
CA#crypto pki server CA info request
CA#crypto pki server CA grant 1

R1#show crypto pki certificates 
Dec 24 14:29:02.983: %PKI-6-CERTRET: Certificate received from Certificate Authority

R1#show crypto pki certificates

r2开始申请证书

- 到处自己的 个人信息+r2公钥,发给ca
R2(config)#crypto pki enroll CA
% Start certificate enrollment .. 

% The subject name in the certificate will include: cn=R2.maotai.com,ou=maotaisec,o=maotai
% The subject name in the certificate will include: R2
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:

MIIBsTCCARoCAQAwUDEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlz
ZWMxFjAUBgNVBAMTDVIyLm1hb3RhaS5jb20xETAPBgkqhkiG9w0BCQIWAlIyMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzJU62/bMuGxotd9cmvOQW5ftehsp
aLxQkjoE1RHgLof6KAgsRVpilNoZJJ/MMFWnJh87xyouWbU5BdHJq8zsiUT3yw9X
QOAg6goU35Av535it2J1zrYWLVL5YxtuY+iVxIt2SAjuhRdYOFyXc+qf0I3GRVAH
GI/Q5sQiMWQA0wIDAQABoCEwHwYJKoZIhvcNAQkOMRIwEDAOBgNVHQ8BAf8EBAMC
BaAwDQYJKoZIhvcNAQEFBQADgYEAKsa1DjloOMfaAqAGJ4/p/a/09IDoK9aiFSt+
RQ4Td5Dz+A+mvTBXeoUkL9hYThQvAd6h62dOh6BBLXYw10Tl3LVyodW+Dc/RSO3m
1liR8D1Ij7v9Ha94AbtfDFm2S45fi6383B/1qMmlsufcpH7r6Q1uEO0fthgo01A9
GUF8ABg=

---End - This line not part of the certificate request---



- ca导入r2的申请
CA#crypto pki server CA request pkcs10 terminal
PKCS10 request in base64 or pem

% Enter Base64 encoded or PEM formatted PKCS10 enrollment request.
% End with a blank line or "quit" on a line by itself.
MIIBsTCCARoCAQAwUDEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlz
ZWMxFjAUBgNVBAMTDVIyLm1hb3RhaS5jb20xETAPBgkqhkiG9w0BCQIWAlIyMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzJU62/bMuGxotd9cmvOQW5ftehsp
aLxQkjoE1RHgLof6KAgsRVpilNoZJJ/MMFWnJh87xyouWbU5BdHJq8zsiUT3yw9X
QOAg6goU35Av535it2J1zrYWLVL5YxtuY+iVxIt2SAjuhRdYOFyXc+qf0I3GRVAH
GI/Q5sQiMWQA0wIDAQABoCEwHwYJKoZIhvcNAQkOMRIwEDAOBgNVHQ8BAf8EBAMC
BaAwDQYJKoZIhvcNAQEFBQADgYEAKsa1DjloOMfaAqAGJ4/p/a/09IDoK9aiFSt+
RQ4Td5Dz+A+mvTBXeoUkL9hYThQvAd6h62dOh6BBLXYw10Tl3LVyodW+Dc/RSO3m
1liR8D1Ij7v9Ha94AbtfDFm2S45fi6383B/1qMmlsufcpH7r6Q1uEO0fthgo01A9
GUF8ABg=

% Enrollment request pending, reqId=2

- ca为r2颁发证书,将证书发给r2
CA#crypto pki server CA grant 2
% Granted certificate:
MIIClTCCAf6gAwIBAgIBAzANBgkqhkiG9w0BAQQFADB9MR8wHQYJKoZIhvcNAQkB
FhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQMA4GA1UEBxMHYmVpamlu
ZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlzZWMxFjAUBgNVBAMT
DUNBLm1hb3RhaS5jb20wHhcNMTcxMjI0MTQzMDUzWhcNMTgwNjIyMTQzMDUzWjBQ
MQ8wDQYDVQQKEwZtYW90YWkxEjAQBgNVBAsTCW1hb3RhaXNlYzEWMBQGA1UEAxMN
UjIubWFvdGFpLmNvbTERMA8GCSqGSIb3DQEJAhYCUjIwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAKrMlTrb9sy4bGi131ya85Bbl+16GylovFCSOgTVEeAuh/oo
CCxFWmKU2hkkn8wwVacmHzvHKi5ZtTkF0cmrzOyJRPfLD1dA4CDqChTfkC/nfmK3
YnXOthYtUvljG25j6JXEi3ZICO6FF1g4XJdz6p/QjcZFUAcYj9DmxCIxZADTAgMB
AAGjUjBQMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBQYN6f+v6P6pY1nGUYA
QajrUYw1yjAdBgNVHQ4EFgQUyjgMlXltwkGnklUtJlfoPfXtlEMwDQYJKoZIhvcN
AQEEBQADgYEArEIc54rZVAWTxb3Ve1SJulQhcJEQCO3OI1DeloSlCcpaojYq0P6t
F+ZpBnobsfEboFovOO9H4h6CSXqoo/RuoTnAiWMxJu0FnD8UC5rXk5wY8NXHX5/2
jaLBtlzhDR9aL1p9LMGb0Lj64hcvmCgWfSlqaTjDSWLNEPpcrs1GQVk=


- r2将自己的证书导入
R2(config)#crypto pki import CA certificate 

Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself

MIIClTCCAf6gAwIBAgIBAzANBgkqhkiG9w0BAQQFADB9MR8wHQYJKoZIhvcNAQkB
FhBhZG1pbkBtYW90YWkuY29tMQswCQYDVQQGEwJjbjEQMA4GA1UEBxMHYmVpamlu
ZzEPMA0GA1UEChMGbWFvdGFpMRIwEAYDVQQLEwltYW90YWlzZWMxFjAUBgNVBAMT
DUNBLm1hb3RhaS5jb20wHhcNMTcxMjI0MTQzMDUzWhcNMTgwNjIyMTQzMDUzWjBQ
MQ8wDQYDVQQKEwZtYW90YWkxEjAQBgNVBAsTCW1hb3RhaXNlYzEWMBQGA1UEAxMN
UjIubWFvdGFpLmNvbTERMA8GCSqGSIb3DQEJAhYCUjIwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAKrMlTrb9sy4bGi131ya85Bbl+16GylovFCSOgTVEeAuh/oo
CCxFWmKU2hkkn8wwVacmHzvHKi5ZtTkF0cmrzOyJRPfLD1dA4CDqChTfkC/nfmK3
YnXOthYtUvljG25j6JXEi3ZICO6FF1g4XJdz6p/QjcZFUAcYj9DmxCIxZADTAgMB
AAGjUjBQMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBQYN6f+v6P6pY1nGUYA
QajrUYw1yjAdBgNVHQ4EFgQUyjgMlXltwkGnklUtJlfoPfXtlEMwDQYJKoZIhvcN
AQEEBQADgYEArEIc54rZVAWTxb3Ve1SJulQhcJEQCO3OI1DeloSlCcpaojYq0P6t
F+ZpBnobsfEboFovOO9H4h6CSXqoo/RuoTnAiWMxJu0FnD8UC5rXk5wY8NXHX5/2
jaLBtlzhDR9aL1p9LMGb0Lj64hcvmCgWfSlqaTjDSWLNEPpcrs1GQVk=

% Router Certificate successfully imported



- r2查看自己的证书
R2#show crypto pki certificates
Certificate
  Status: Available
  Certificate Serial Number (hex): 03
  Certificate Usage: General Purpose
  Issuer: 
    cn=CA.maotai.com
    ou=maotaisec
    o=maotai
    l=beijing
    c=cn
    e=admin@maotai.com
  Subject:
    Name: R2
    hostname=R2
    cn=R2.maotai.com
    ou=maotaisec
    o=maotai
  Validity Date: 
    start date: 22:30:53 GMT Dec 24 2017
    end   date: 22:30:53 GMT Jun 22 2018
  Associated Trustpoints: CA 

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: Signature
  Issuer: 
    cn=CA.maotai.com
    ou=maotaisec
    o=maotai
    l=beijing
    c=cn
    e=admin@maotai.com
  Subject: 
    cn=CA.maotai.com
    ou=maotaisec
    o=maotai
    l=beijing
    c=cn
    e=admin@maotai.com
  Validity Date: 
    start date: 22:02:23 GMT Dec 24 2017
    end   date: 22:02:23 GMT Dec 23 2020
  Associated Trustpoints: CA

配置ipsec lantolan vpn(默认使用证书认证)

- r1

ip access-list extended vpn
 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
crypto isakmp policy 10
crypto ipsec transform-set cisco esp-des esp-md5-hmac 
crypto map cisco 10 ipsec-isakmp 
 match address vpn
 set transform-set cisco 
 set peer 202.100.1.2

interface FastEthernet0/0
 crypto map cisco

- r2
ip access-list extended vpn
 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
crypto isakmp policy 10
crypto ipsec transform-set cisco esp-des esp-md5-hmac 
crypto map cisco 10 ipsec-isakmp 
 match address vpn
 set transform-set cisco 
 set peer 202.100.1.1
 
interface FastEthernet0/0
 crypto map cisco
- ca吊销r2的证书
CA#crypto pki server CA revoke 0x3
% Certificate 03 succesfully revoked.

R1#clear crypto isa
R1#clear crypto sa

r1 2还是能通,为何呢?

r1有crl缓存
R1#show crypto pki crls 
CRL Issuer Name: 
    cn=CA.maotai.com,ou=maotaisec,o=maotai,l=beijing,c=cn,e=admin@maotai.com
    LastUpdate: 22:02:23 GMT Dec 24 2017
    NextUpdate: 04:02:23 GMT Dec 25 2017
    Retrieved from CRL Distribution Point: 
      ** CDP Not Published - Retrieved via SCEP

 CRL DER is 326 bytes
 CRL is stored in parsed CRL cache


Parsed CRL cache current size is 326 bytes
Parsed CRL cache maximum size is 65536 bytes
- r1清除cls缓存,强行刷新
R1(config)#crypto pki crl request CA
R1(config)#end
R1#show crypto pki crls 
CRL Issuer Name: 
    cn=CA.maotai.com,ou=maotaisec,o=maotai,l=beijing,c=cn,e=admin@maotai.com
    LastUpdate: 22:39:54 GMT Dec 24 2017
    NextUpdate: 04:39:54 GMT Dec 25 2017
    Retrieved from CRL Distribution Point: 
      ** CDP Not Published - Retrieved via SCEP

 CRL DER is 348 bytes
 CRL is stored in parsed CRL cache


Parsed CRL cache current size is 674 bytes
Parsed CRL cache maximum size is 65536 bytes
- 再次测试发现不同了
R1#clear crypto isa
R1#clear crypto sa
R1#ping 2.2.2.2 so lo0 re 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 

Dec 24 14:42:53.619: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from 202.100.1.2 is bad: CA request failed!.
Dec 24 14:42:53.623: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 202.100.1.2.
Dec 24 14:42:55.207: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 202.100.1.2 failed its sanity check or is malformed.

解决缓存

1, ocrl 在线获取crl(思科ios不支持)
2, 本地不缓存

R1(config)#crypto pki trustpoint CA
R1(ca-trustpoint)#crl cache none
weixin_33962923
关注
  • 0
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
IPSEC CA证书配置(附CA服务器)
悦分享
10-10 548
IPSec V.P.N点到多点场景中,进行身份认证时如果使用预共享密钥方式,总部和每个分部之间形成的对等体都要配置预共享密钥。如果所有对等体都使用同一个密钥,存在安全风险,而每个对等体都使用不同的密钥,又不便于管理和维护。为了解决上述问题,可以使用证书认证。IKE通过借用了PKI中的证书机制来进行对等体的身份认证,不必再为每个对等体配置单独的密钥,降低管理成本。证书导入:使用设备的密钥及必要信息到CA颁发证书,并将成对的证书导入到设备;
SVC命令行管理与使用
01-12
SVC命令简介
SPI协议基础
caoleiwe的博客
01-05 546
     以下内容主要参考于维基百科。      SPI(SerialPeripheralInterface)SPI(Serial\quad Peripheral\quad Interface)SPI(SerialPeripheralInterface)协议是一种同步串行通信协议,它主要用于嵌入式系统中的短距离通信。它由摩托罗拉公司在198019801980年代中期设计并且现在已经成为了事实上的标准。最常见的
一场椭圆曲线的寻根问祖之旅 | FISCO BCOS密码学探究
FISCO_BCOS的博客
02-25 2927
本文介绍密码学中常见的椭圆曲线以及他们之间的关系,介绍不同标准体系的命名规则,尝试描述椭圆曲线之间的家族演义关系。文章试图讲清椭圆曲线相关概念和功能,不涉及复杂的数学证明和推理,欢迎感兴趣的同学阅读。笔者主要参考Wikipedia和相关组织网站的信息进行整理,不排除出现纰漏的可能,欢迎专家批评指正。 一个可能你没关心过的问题 在《一个数字引发的探索——ECDSA解析》(加链接)中提到一个椭...
IPSec证书认证实验配置
m0_49864110的博客
05-21 686
目录 FW申请本地证书和CA证书(以FW1为例-FW2与FW1类似) 基础配置--保证FW可以和证书服务器相通 配置与证书服务器相连接口的IP地址 配置接口安全区域 配置相关安全策略 离线方式申请本地证书和CA证书 上传CA证书 基础配置-配置接口IP地址、安全区域、路由 配置接口IP地址 将接口加入相应的安全区域 配置去公网的路由 配置安全策略 向服务组添加IKE、IPSec协商使用的ISAKMP报文 配置IKE与IPSec协商安全策略 配置安全协议(封装数据报文).....
锐捷网络——CA数字证书配置——数字证书常见问题和故障
君逍遥o
09-16 627
数字证书就是互联网通讯中标志通讯各方身份信息的一系列数据,提供了一种在Internet上验证您身份的方式,其作用类似于司机的驾驶执照或日常生活中的身份证。它是由一个由权威机构-----CA机构,又称为证书授权
用路由器做CA的基于数字证书ipsec ***
weixin_33850890的博客
02-03 494
用路由器做CA的基于数字证书ipsec *** --by Mast 2012 本实验采用路由器来作为ca服务器,实现site to site的基于数字证书IPSec ×××。 实验环境: 原来准备用IOU来做这个实验的,可是试了之后发现IOU对路由器做ca这一块支持不好,要么ca server起不来,要么证书获取不到,因此最后还是采用小凡的模拟器来做。采用...
VPN部署场景——IPSec VPN—点到点VPN(2)
最新发布
君逍遥o
09-21 365
通过VPN将2个局域网连接起来,vpn隧道需要采用证书认证方式来协商,实现192.168.0.0/24与192.168.1.0/24两个网段的通信
安卓svc命令使用总结
01-21
使用环境: 在无屏幕状态下想要控制Wi-Fi、电源、数据流量、usb、nfc。 命令简介: 通过adb shell 进入交互页面,输入svc显示下图说明 下面就每个命令做相应的使用说明: 1、power  在shell环境下输入svc power...
SVC单机_svc
09-23
单机柔性SVC,无功补偿,模型可以运行。
c7200-adventerprisek9-mz.151-4.M.bin
06-03
该文件为cisco 7200 ios 的最新版本151.....................凑字数
c7200-adventerprisek9-mz.152-4.S7.image
03-06
Cisco思科c7200最高版本的路由器 GNS3可用 此为官网下载最新版c7200
c7200p-adventerprisek9-mz.151-4.M.bin
06-03
cisco 7200 ios 最新版本151 和7200P区别 Unlike other network processing engines, the Cisco NPE-G2 has its own software images with the prefix of "c7200p" in the file names. All other network processing engines are compatible with images with the prefix of "c7200" only.
svc.zip_svc
09-23
a var controller is presented.
IPSec
qq_50629812的博客
04-12 798
1.什么是数字认证,有什么作用,有哪些实现的技术手段?数字认证证书它是以数字证书为核心的加密技术可以对网络上传输的信息进行加密和解密、数字签名和签名验证,确保网上传递信息的安全性、完整性。使用了数字证书,即使您发送的信息在网上被他人截获,甚至您丢失了个人的账户、密码等信息,仍可以保证您的账户、资金安全。简单来说就是保障你的在网上交易的安全。SSL证书主要用于服务器(应用)的数据传输链路加密和身份认证,绑定网站域名,不同的产品对于不同价值的数据和要求不同的身份认证
eve-ng 思科Dynamips路由器C7200 C3600 修改idle值
qq_17533907的博客
02-19 486
eve-ng 思科dynamips路由器镜像修改idle值
IPSec 使用证书的方法
校园一站式平台大学生创业团队,初心从未改变
02-14 1014
答:访问https://192.168.60.11/certsrv选择申请证书->高级申请->提交一个证书申请。第一步:确保两台主机那进行通信,并在同一个域里(或同一个证书颁发机构颁发的证书)申请IPSec证书。答:需要使用https访问申请。第二步:把ipsec安全策略身份验证方法更改为证书验证。答:进入ca颁发机构 证书模板添加ipsec证书模板。问:没有提交一个证书申请的按钮怎么办?问:CSP显示加载中没有反应怎么办?问:没有IPSec模板怎么解决?
[svc]证书各个字段的含义
05-23
证书是由数字证书认证机构(CA)颁发的,用于证明某个实体(例如个人、组织或网站)的身份和信任的电子文档。证书包含以下字段: 1. 主题(Subject):证书所属实体的名称、电子邮件地址或其他标识符。 2. 颁发者...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值