A Certificate Authority is a trusted entity is that issues digital certificates to devices which need secure communication and plays an important part in the public key infrastructure (PKI). There are several CA implementations provided by third-party CA vendors like Microsoft or the open source OpenSSL implementation but in this article we will focus on configuring the internal Certificate Authority server which is available on Cisco IOS. We will also discuss about the certificate enrollment process with a CA and how these digital certificates can be used for authentication purposes. This feature has been introduced in Cisco IOS version 12.3(4)T and it’s available only on Cisco IOS images with the security feature set.
In modern datacenters one of the most important things that needs to be addressed is uptime. Cisco ASA offers high availability mechanisms like failover in order to provide network uptime and redundancy. In order to configure failover we need two identical ASA devices connected to each other through a dedicated failover link and, optionally, a stateful failover link. There are two different failover modes that are supported on the ASA platform: active/standby and active/active. In this article we will focus only on configuring active/standby failover. In an active/standby failover setup only one unit called the active unit is passing traffic. The standby unit is used as a backup of the active unit and only accepts management connections (all transit traffic is dropped). When the active unit fails, it changes to the standby state while the standby unit changes to the active state.