Cisco Secure Virtual Private Networks








4.2
Certificate
Generation



4.2.2
Certificate
request messagePKCS#10






First, a public and private key pair is
created on the local machine. The algorithm and the key length (512,
768, or 1024 bits) used to create the key pair is selected by the
user. The RSA signing is an algorithm designed by RSA Laboratories
and defined by PKS#10. Most PKI environments support RSA signing.
The Directory System Agent (DSA) signing is a public algorithm
backed by the U.S. government. DSA signing is supported by a limited
number of PKI vendors (for example, NAI and Baltimore are two who
support DSA signing).
User information (common name,
organizational unit, organization, locality, state, and country) and
the public key are included in the PKCS#10 request message. The
requestor signs the PKCS#10 with his private key and forwards the
request to the CA. The CA can use the requestor's public key to
verify the authenticity of the PKCS#10.