如何从Windows_CA获取数字证书.pdfVIP

Obtain a Digital Certificate for the ASA from a Microsoft Windows 2003 CA using ASDM Document ID: 71050 Introduction Prerequisites Requirements Components Used Related Products Conventions Configure the ASA to Exchange Certificates with the Microsoft CA Task Instructions to Configure the ASA Results Verify Check and Manage Your Certificate Commands Troubleshoot Commands NetPro Discussion Forums − Featured Conversations Related Information Introduction Digital certificates can be used to authenticate network devices and users on the network. They can be used to negotiate IPSec sessions between network nodes. Cisco devices identify themselves securely on a network in three main ways: 1. Pre−Shared Keys. Two or more devices can have the same shared secret key. Peers authenticate each other by computing and sending a keyed hash of data that includes the preshared key. If the receiving peer is able to create the same hash independently using its preshared key, it knows that both peers must share the same secret, thus authenticating the other peer. This method is manual and not very scalable. 2. Self−Signed Certificates. A device generates its own certificate and signs it as being valid. This type of certificate should have limited usage. Using this certificate with SSH and HTTPS access for configuration purposes are good examples. A separate username/password pair is needed to complete the connection. Note: Persistent Self−Signed Certificates survive router reloads because they are saved in the nonvolatile random−access memory (NVRAM) of the device. Refer to Persistent Self−Signed Certificates for more information. One good example of use is with SSL VPN (WebVPN)