12-28-2018 05:15 AM - edited 12-28-2018 05:38 AM
Hi
Im looking to build a Windows Server Certification Authority that is in accordance with RFC 5759 (NSA Suite B cryptography).
I will be using IKEV2 and looking at using cetificates that are:
CSP: ECDSA_P384#Microsoft Software Key Storage Provider
Key Length: 384
Hash Algorithm: SHA-384
RFC 5759 requirements:
The RFC states that the following extensions must be present: subjectKeyIdentifier (SKI), keyUsage, and basicConstraints. Furthermore it states that the keyUsage extension must be marked as critical, and that the keyCertSign and CRLSign bits must be set. All other bits (except for digital signature and non-repudiation, which may be set) must not be set.
Will these certificates work for Ikev2 in a mixed platform of IOS Routers (2951 sec +) and ASA's (5506 Sec +) ?
Solved! Go to Solution.
12-28-2018 07:10 PM
Yes, as long as you are running relatively recent software versions on them.
12-28-2018 07:10 PM
Yes, as long as you are running relatively recent software versions on them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide