Certificate Authorities (CA)
Certificate authority (CA) support in Cisco routers and the PIX Firewall allows an IPSec-protected network to scale by giving each device the equivalent of a digital identification card. When two IPSec peers want to communicate, they exchange digital certificates to prove their identities, which removes the need to manually exchange public keys with each peer or to manually specify a shared key at each peer. Each device obtains its digital certificate from a certificate authority. CA support on Cisco products uses RSA signatures to authenticate the CA exchange.
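The trust model described above can be reproduced with the `openssl` command line. This is an added example, not Cisco's implementation and not code from this article series: it shows a verifier that holds only the CA certificate accepting a peer whose certificate chains to that CA and whose RSA signature matches the certificate. The names `demo-ca`, `rogue-ca`, `peer-a`, `peer-b` and `mallory`, and the challenge string, are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: demo-ca, rogue-ca, peer-a, peer-b, mallory are hypothetical names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {         # $1 = CA name: self-signed RSA root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

enroll() {          # $1 = CA name, $2 = device name: device CSR signed by the CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -sha256 -days 1 -out "$WORK/$2.crt" 2>/dev/null
}

sign_challenge() {  # $1 = device name, $2 = challenge: RSA signature with device key
  printf '%s' "$2" > "$WORK/$1.chal"
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/$1.sig" "$WORK/$1.chal"
}

# The verifier needs only the CA certificate, never a per-peer key. It accepts when
# (1) the presented certificate chains to the trusted CA, and
# (2) the challenge signature verifies under the public key in that certificate.
authenticate() {    # $1 = trusted CA, $2 = certificate presented, $3 = who signed
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$WORK/$2.crt" -pubkey -noout > "$WORK/$2.pub" || return 1
  openssl dgst -sha256 -verify "$WORK/$2.pub" -signature "$WORK/$3.sig" \
    "$WORK/$3.chal" >/dev/null 2>&1
}

make_ca demo-ca && make_ca rogue-ca
enroll demo-ca peer-a && enroll demo-ca peer-b && enroll rogue-ca mallory
for d in peer-a peer-b mallory; do sign_challenge "$d" "nonce-1234"; done

authenticate demo-ca peer-a peer-a  && echo "peer-a accepted"
authenticate demo-ca peer-b peer-b  && echo "peer-b accepted"
authenticate demo-ca mallory mallory || echo "certificate from another CA rejected"
authenticate demo-ca peer-a mallory  || echo "valid certificate without its private key rejected"
```

Adding another device means one more enrollment with the CA; no existing peer has to be reconfigured.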
This brings us to the end of the first part of this five-part series of articles covering IPSec. Be sure to catch the next installment.