NE40E V800R010C10SPC500 Feature Description - Security 01

Certificate Application on the IPSec VPN

When a node remotely accesses another node over a VPN, digital certificates can be used to authenticate devices that attempt to communicate with each other.

For example, as shown in Figure 17-5, Device A and Device B apply for certificates from the same CA server. When an IPSec VPN needs to be established between Device A and Device B for data transmission, the authentication procedure on each of them is as follows:

  1. After the initial communication, the peers share their entity certificates.
  2. Each device verifies the signature on the peer's entity certificate using the public key in the root certificate saved locally. When issuing an entity certificate, the CA signs it; the CA public key in the root certificate can therefore be used to verify the signature on the peer's entity certificate.
  3. If the signature passes the authentication, the device compares the current time with the validity period on the certificate. If the current time is within the validity period, the authentication succeeds; otherwise, the authentication fails.
  4. If CRL authentication is enabled (according to the configuration on the device), the device searches for the serial number of the peer's certificate in the CRL. If the serial number is found, the certificate is invalid and thus the authentication fails; otherwise, the certificate passes the authentication.

Once the certificate passes the authentication, the IPSec VPN will be established between Device A and Device B.
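The checks in steps 2 to 4, as an added example in Go (standard library only; not Huawei's code or the NE40E implementation): AuthenticatePeerCert verifies the peer's entity certificate against a locally stored root certificate and, when a CRL is supplied, its serial number against the CRL, and additionally verifies the CRL's own signature with the root before trusting it. BuildTestPKI is a constructed in-memory stand-in for the CA server; its names, serial numbers and validity periods are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// AuthenticatePeerCert applies steps 2 to 4: signature check with the CA public key in the local root, validity-period check, CRL lookup.
func AuthenticatePeerCert(peer, root *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	if err := peer.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("entity certificate signature check failed: %w", err)
	}
	if now.Before(peer.NotBefore) || now.After(peer.NotAfter) {
		return fmt.Errorf("current time is outside the validity period %s to %s", peer.NotBefore, peer.NotAfter)
	}
	if crl != nil { // CRL checking enabled on this device
		if err := crl.CheckSignatureFrom(root); err != nil { // trust only a CRL issued by the same CA
			return fmt.Errorf("CRL signature check failed: %w", err)
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(peer.SerialNumber) == 0 {
				return fmt.Errorf("serial number %v is listed in the CRL: certificate revoked", peer.SerialNumber)
			}
		}
	}
	return nil
}
// BuildTestPKI is a constructed in-memory stand-in for the CA server (assumed names and values): a self-signed
// root, an entity certificate with the given serial number valid for one day, and a CRL that revokes serial 2.
func BuildTestPKI(serial int64) (root, entity *x509.Certificate, crl *x509.RevocationList) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	devPub, _, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)
	root, _ = x509.ParseCertificate(caDER)
	devTmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "Device B"}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	devDER, _ := x509.CreateCertificate(rand.Reader, devTmpl, root, devPub, caKey)
	entity, _ = x509.ParseCertificate(devDER)
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(2), RevocationTime: now}}}
	crlDER, _ := x509.CreateRevocationList(rand.Reader, crlTmpl, root, caKey)
	crl, _ = x509.ParseRevocationList(crlDER)
	return root, entity, crl
}
```

Passing a nil CRL models a device on which CRL checking is not enabled, so only the signature and validity-period checks run.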

Figure 17-5 Certificate application in the IPSec VPN
Updated: 2019-01-03

Document ID: EDOC1100055047
