Overview

You can use digital certificates in place of preshared keys for IKE negotiations. For more information about IKE, see IKE Overview in Configuring IPsec.

Digital Certificate Terms and Acronyms

Table 31 describes terms and abbreviations that are used in this discussion of digital certificates.

Table 31: Digital Certificate Terms and Acronyms

| Term or Abbreviation | Description |
|---|---|
| 3DES | Triple DES encryption/decryption algorithm |
| Base64 | Method used to encode certificate requests and certificates before they are sent to or from the CA |
| CA | Certificate authority; an organization that creates digital certificates |
| Certificate | Binds a person or entity to a public key using a digital signature |
| CRL | Certificate revocation list; a list of certificates that a CA has revoked |
| ESP | Encapsulating Security Payload; provides data integrity, data confidentiality and, optionally, sender's authentication |
| IKE | Internet Key Exchange |
| PKCS | Public-Key Cryptography Standards; a series of standards established by RSA Laboratories |
| PKCS10 | PKCS #10; describes a syntax for certification requests |
| Root CA | CA that signs the certificates of subordinate CAs |
| Root certificate | Self-signed public key certificate for a root CA; root certificates are used to verify other certificates |
| RSA | Rivest-Shamir-Adleman encryption algorithm |
| SA | Security association; the set of security parameters that dictate how IPsec processes a packet, including encapsulation protocol and session keys. A single secure tunnel uses multiple SAs. |
| SCEP | Simple certificate enrollment protocol; used to submit requests and to download certificates and CRLs |