5–Managing SwitchesConfiguring the Network5-50 59266-01 BIPsec CertificatesA certificate is used to authenticate an IKE peer. A certificate name is a string ofup to 32 characters. The peer systems automatically exchange their own digitalcertificates and provide authentication based on the validity of the certificates andtheir enclosed public keys.Use the IKE Certs dialog box to: Import or delete a certificate authority (CA) Generate, import, or delete a certificate key Import or delete a certificate Generate a certificate requestA certificate request specifies the information packaged in a certificate requestfile. A certificate request file is generated on the switch and sent to the customer'scertificate authority vendor to be authenticated. After the certificate request filecontents are authenticated, the CA sends the customer a signed certificatecontaining the public key, Distinguished Name (DN), AltNames, and CA identity tothe switch. This certificate can then be imported and used in the Certificate Namefield of the IKE Peer dialog (Figure 5-20) for public key authentication.Figure 5-24. IKE Certificates Dialog BoxTable 5-11 provides field definitions for the IKE Certificates dialog box.Table 5-11. IKE Certificates Dialog Box ButtonsButton DescriptionImport CA Imports a certificate authority— an entity or vendor thatissues and verifies certificates for use by other parties
