There are several CA vendors that interoperate with Cisco IOS software on Cisco routers. They include Entrust, VeriSign, Baltimore, and Microsoft. Several CA vendors support SCEP for enrolling Cisco routers.

Entrust Technologies
The Entrust CA server is one of several servers interoperable with Cisco. Entrust uses software that is installed and administered by the user. The Cisco IOS software interoperates with the Entrust/PKI 4.0 CA server. Entrust/PKI delivers the ability to issue digital identifications to any device or application supporting the X.509 certificate standard, meeting the need for security, flexibility, and low cost by supporting all devices and applications from one PKI. Entrust/PKI offers the features shown in Figure.

VeriSign OnSite
The VeriSign OnSite CA server is another CA that operates with Cisco routers. VeriSign administers the CA, providing the certificates as a service.
The VeriSign OnSite solution delivers a fully integrated enterprise PKI to control, issue, and manage IPSec certificates for Cisco PIX Security Appliances and Cisco routers. VeriSign OnSite is a service administered by VeriSign. VeriSign OnSite offers the features shown in Figure.

Baltimore Technologies
UniCERT is the CA server offered by Baltimore Technologies. Baltimore Technologies has implemented support for SCEP in UniCERT, as well as the PKI Plus toolkit. These make it easy for customers to enable certificates within their environments. The features of the UniCERT CA server are shown in Figure.

Microsoft Windows 2000 Certificate Services
Microsoft has integrated SCEP support into the Windows 2000 CA server through the Security Resource Kit for Windows 2000. This support lets customers use SCEP to obtain certificates and certificate revocation information from Microsoft Certificate Services for all of the Cisco virtual private network (VPN) security solutions. The features are shown in Figure.
The SCEP tool is not installed by the Windows 2000 Resource Kit Setup. The SCEP tool must be installed separately.