[Openswan Users] CA server issue with cisco

Ming-Ching Tiew mctiew at yahoo.com
Tue May 20 14:47:43 EDT 2008




--- On Tue, 5/20/08, Paul Wouters <paul at xelerance.com> wrote:

> From: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] CA server issue with cisco
> To: "Ming-Ching Tiew" <mctiew at yahoo.com>
> Cc: users at openswan.org
> Date: Tuesday, May 20, 2008, 3:30 PM
> On Mon, 19 May 2008, Ming-Ching Tiew wrote:
> 
> > I am trying to perform interoperability tests with
> > Cisco but I am stuck at the part where Cisco requires a
> > Certification Authority Server which listens to connections
> > using http, and handles dispensing of CA cert and signing of
> > certificate and so on. It seems that Cisco boxes themselves
> > can also serve as CA servers, but I am quite reluctant to
> > do it that way. Anyone know if it is possible to make a
> > Linux box work as the so-called "CA Server"?
> 
> Is it using OCSP? There is support for that.
> 

Thanks for the information. I did some checking on OCSP. It seems that OCSP has more to do with certificate status, while what I have seen here is more of a certificate management thing, but performed over http.

On checking, I found something on SCEP and an implementation called OpenSCEP. I will verify whether OpenSCEP will meet this (because the doc I have on the Cisco IPSEC does not specifically mention the word SCEP, it just says CA enrolment using http).

Thanks once again.




      

