R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
314
CB4D05E6 55DC11B6 9F4C014D EA600306
81D403CF 2D93BC5A 8AF3224D 1125E439
78ECEFE1 7FA9AE7B 877B50B8 3280509F
6B
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B68E4107 91D7C44C 7ABCE3BA 9BF385F8 A448F4E1
X509v3 Authority Key Identifier:
keyid:9D823258 EADFEFA2 4A663E75 F416B6F6 D41EE4FE
X509v3 CRL Distribution Points:
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Signature Algorithm: sha1WithRSAEncryption
81029589 7BFA1CBD 20023136 B068840B
You can also use some other display commands to view more information about the CA certificate.
Applying RSA digital signature in IKE negotiation
Network requirements
• An IPsec tunnel is set up between Firewall A and Firewall B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0 / 24 .
• Firewall A and Firewall B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI
certificate system for identity authentication.
• As shown in Figure 209, F
irewall A and Firewall B use different CAs. They might also use the same
CA as required.