Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
5
Helpful
2
Replies

Which CA for Cisco IOS VPN PKI

sebastian.lemke
Level 1
Level 1

‎02-04-2014 02:34 AM

Hi,

I am currently doing some testing to figure out an optimal solution for providing a PKI for multiple customer VPNs (IKE authentication).

I would like to implement

- SCEP for enrollment

- manual admin permission for first enrollment

- automatic re-enrollment in case a certificate times out (without any manual admin approval)

- automatic renewal of CA certificate

- Certificate Revocation Mechanism for all VPN peers (required for full mesh VPNs)

So far I have tested

- Cisco IOS CA - works like a charm - unsure about scalability, manageability and multi-customer support

- Windows 2008 CA - real pain to work with, couldn't get all requirements implemented unitl now

What would you recommend?

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎02-04-2014 04:32 AM

Can't say whether it will meet all your requirments but check also http://www.ejbca.org/

sebastian.lemke
Level 1
Level 1
In response to Marcin Latosiewicz

‎02-04-2014 04:35 AM

Thanks!

I already heard of ejbca and its SCEP capability. This will be the next on the list to try if no other proposals sound better.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents