Ways to Resolve Trust Issues

For both Web server access and VPN router authentication where more than one organization is involved, trust issues can be resolved in three ways:
A copy of the root CA certificate that is required is added to the certificate store of the Web server or of the VPN router. This might be the best solution when the number of certificates required is small. Perhaps trust of one external organization's certificate hierarchy is required on one Web server. Perhaps the number of VPN routers that require certificates is small; for example, one VPN router connection with one other company is all that is needed. However, this solution does not scale well. As the number of VPN routers that must be configured with additional certificates increases, the time needed to configure them and maintain the certificates can be unmanageable.
All certificates used can be purchased from a common public Certification Authority. If all certificates come from the same root CA (in this case the public one), all certificates will be trusted.
A cross certification infrastructure can be built between the two CAs that are managed by different sites. If a cross certification infrastructure is built, in its simplest form, all certificates issued by either hierarchy can be trusted by the other and no special configuration at the router level is required.
To secure communications using L2TP/IPSec VPNs between Site 3 and Sites 2 and 1, both routers (Router1 and Router2) must trust the root CA of the CA hierarchy that issued at least one of the Router3 computer certificates, and Router3 must trust the root CA that issued their certificates.
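
The first and third options above, reproduced with the openssl command line as an added example (not from the original text). SiteA stands for the hierarchy behind Router1 and Router2, SiteB for the one that issued Router3's certificate; the file names, subjects and the function names build_lab and router1_accepts are assumptions.

```shell
#!/bin/sh
# Constructed lab: two independent CA hierarchies and one router certificate.
build_lab() {
  cd "$(mktemp -d)" || return 1
  for s in A B; do   # two self-signed roots that know nothing of each other
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Site$s Root CA" \
      -keyout "root$s.key" -out "root$s.pem" 2>/dev/null || return 1
  done
  # Router3's computer certificate, issued by the SiteB root
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Router3" \
    -keyout r3.key -out r3.csr 2>/dev/null || return 1
  openssl x509 -req -in r3.csr -CA rootB.pem -CAkey rootB.key \
    -CAcreateserial -days 2 -out r3.pem 2>/dev/null || return 1
  # Cross-certificate: the SiteA root signs SiteB's root name and public key
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  openssl req -new -key rootB.key -subj "/CN=SiteB Root CA" \
    -out crossB.csr 2>/dev/null || return 1
  openssl x509 -req -in crossB.csr -CA rootA.pem -CAkey rootA.key \
    -CAcreateserial -extfile ca.ext -days 2 -out crossB.pem 2>/dev/null || return 1
  # Option 1 trust store: own root plus an imported copy of the SiteB root
  cat rootA.pem rootB.pem > both_roots.pem
}

# router1_accepts STORE [CHAIN]: would a router that trusts only the roots in
# STORE accept Router3's certificate? CHAIN holds extra, untrusted certificates
# (here the cross-certificate) that may be used to build the path.
router1_accepts() {
  openssl verify -CAfile "$1" ${2:+-untrusted "$2"} r3.pem >/dev/null 2>&1
}

build_lab || exit 1
router1_accepts rootA.pem            || echo "own root only: rejected"
router1_accepts both_roots.pem       && echo "SiteB root imported: accepted"
router1_accepts rootA.pem crossB.pem && echo "cross-certificate: accepted"
```

In the cross-certificate case the trust store still contains only the SiteA root; the path runs Router3, cross-certificate, SiteA root.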
