R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
CB4D05E6 55DC11B6 9F4C014D EA600306
81D403CF 2D93BC5A 8AF3224D 1125E439
78ECEFE1 7FA9AE7B 877B50B8 3280509F
6B
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B68E4107 91D7C44C 7ABCE3BA 9BF385F8 A448F4E1
X509v3 Authority Key Identifier:
keyid:9D823258 EADFEFA2 4A663E75 F416B6F6 D41EE4FE
X509v3 CRL Distribution Points:
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Signature Algorithm: sha1WithRSAEncryption
81029589 7BFA1CBD 20023136 B068840B
(Omitted)
You can also use some other display commands, for example, the display pki certificate ca domain
command, to view detailed information about the CA certificate.
Applying RSA digital signature in IKE negotiation
1. Network requirements
• An IPsec tunnel is set up between LB A and LB B to secure the traffic between Host A on subnet
10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
• LB A and LB B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI certificate
system for identity authentication.
• As shown in Figure 100, LB A and LB B use different CAs. They may also use the same CA as
required.