IKE Authentication Using Public Keys Without Digital Certificates

During IKE negotiations, peers exchange public keys to authenticate each other's identity and to ensure that IKE SAs are established with the intended party. Typically, public keys are exchanged in messages containing an X.509v3 digital certificate.

As an alternative to setting up digital certificates, you can configure and exchange public keys for IKE peers and use these keys for RSA signature authentication without having to obtain a digital certificate. This method offers the simplicity and convenience of using preshared key authentication without its inherent security risks.

With this method, you no longer need a digital certificate to do the following:

• Associate the router with its own public key
• Enable a remote peer to display the router's public key
• Learn the remote peer's public key

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.