When Public Key Infrastructure comes up, we usually think of an external Certificate Authority such as Verisign or GoDaddy. It turns out there is a protocol, SCEP, that lets us run our own CA in a Cisco environment, and we can use those certificates for ISAKMP IKEv1 or IKEv2 authentication.

A simple RSA private/public key pair is not enough to provide a secure connection between client and server. How do we really know that the server we want to connect to is actually the correct server and not a bogus one? The private key might be stolen, and somebody else could then easily pretend to be the server. 3rd party Certificate Authority and Public Key Infrastructure…