Which CA for Cisco IOS VPN PKI

sebastian.lemke
Level 1

Hi,

I am currently doing some testing to figure out an optimal solution for providing a PKI for multiple customer VPNs (IKE authentication).

I would like to implement

- SCEP for enrollment

- manual admin permission for first enrollment

- automatic re-enrollment in case a certificate times out (without any manual admin approval)

- automatic renewal of CA certificate

- Certificate Revocation Mechanism for all VPN peers (required for full mesh VPNs)

So far I have tested

- Cisco IOS CA - works like a charm - unsure about scalability, manageability and multi-customer support

- Windows 2008 CA - real pain to work with, couldn't get all requirements implemented until now

What would you recommend?

2 Replies

Marcin Latosiewicz
Cisco Employee

Can't say whether it will meet all your requirements but check also http://www.ejbca.org/

Thanks!

I already heard of ejbca and its SCEP capability. This will be the next on the list to try if no other proposals sound better.