Specifications
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 14 of 42
• The client must have the corresponding private key. To verify that the private key exists, view the general section
of the certificate and verify that you see the following message: “You have a private key that corresponds to this
certificate” (Figure 5-4).
• Whenviewingthe certificate, you have to verify that the following statement appears: “This certificate is intended
to: Guarantee your identity to a remote computer” (Figure 5-4).
• Whenviewingthecertificateyouhave to verify that the certificate date is valid.You can view the certificate“Valid
from 12/3/2001 to 12/3/2003” (Figure 5-4).
Figure 5-4
Client Certificate: Date and Private Key Verification
5.2.2 AAA Server Certificate Requirements
For the server certificate installed on the AAA server several requirements must be met. (You should also read AAA
server documentation before configuring the certificate.)
• The certificate must be X.509 Version 3 (Figure 5-5).
• The certificate must have the EKU field. For the server certificate, the Enhanced Key Usage must contain the
Server Authentication certificate purpose (OID “1.3.6.1.5.5.7.3.1”) (Figure 5-5).
• The AAA server must have the private key in order to use the certificate.