Which statement is true about the PKI deployment using Cisco IOS devices?

Which statement is true about the PKI deployment using Cisco IOS devices?

Which statement is true about the PKI deployment using Cisco IOS devices?

A.
During the enrollment, CA or RA signs the client certificate request with its public key.

B.
RA is capable to publish the CRLs.

C.
Peers use private leys in their certificates to negotiate IPSec SAs to establish the
secure channel.

D.
RA is used for accepting the enrollment requests.

E.
Certificate Revocation is not supported by SCEP protocol.

Explanation:
The RA only has the power to accept registration requests and forward them to the CA.
It is not allowed to issue certificates or publish CRLs. The CA is responsible for these
functions.

http://www.cisco.com/en/US/tech/tk1132/technologies_white_paper09186a00800e79
cb.shtml



Leave a Reply 0

Your email address will not be published. Required fields are marked *