Digital Certificates
Digital certificates help to verify the identity of the peers in an IPSec session. The digital
certificate functionality provided by the Cisco VPN Software Client falls into the following
categories:
• Enrollment mechanisms
• Certificate authorities
• Smart cards
Enrollment mechanisms define the means by which digital certificates are securely issued.
Certificate authorities (CAs) actually issue the certificates by signing them with their own
private key. The Cisco VPN Software Client supports the following CAs:
• Entrust
• GTE Cybertrust
• Netscape
• Baltimore
• RSA Keon
• VeriSign
• Microsoft
Using smart cards can also help secure the login process by verifying the identity of the
user. The Cisco VPN Software Client supports various smart cards by using the Microsoft
crypto application programming interface (API) CRYPT_NOHASHOID, including the
following:
• ActivCard (Schlumberger cards)
• eToken from Aladdin
• Gemplus
• Datakey