JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Securing the Network in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Using Link Protection in Virtualized Environments

2.  Tuning Your Network (Tasks)

3.  Web Servers and the Secure Sockets Layer Protocol

4.  IP Filter in Oracle Solaris (Overview)

5.  IP Filter (Tasks)

6.  IP Security Architecture (Overview)

7.  Configuring IPsec (Tasks)

8.  IP Security Architecture (Reference)

9.  Internet Key Exchange (Overview)

10.  Configuring IKE (Tasks)

Displaying IKE Information

How to Display Available Groups and Algorithms for Phase 1 IKE Exchanges

Configuring IKE (Task Map)

Configuring IKE With Preshared Keys (Task Map)

Configuring IKE With Preshared Keys

How to Configure IKE With Preshared Keys

How to Update IKE for a New Peer System

Configuring IKE With Public Key Certificates (Task Map)

Configuring IKE With Public Key Certificates

How to Configure IKE With Self-Signed Public Key Certificates

How to Configure IKE With Certificates Signed by a CA

How to Generate and Store Public Key Certificates in Hardware

How to Handle a Certificate Revocation List

Configuring IKE for Mobile Systems (Task Map)

Configuring IKE for Mobile Systems

How to Configure IKE for Off-Site Systems

Configuring IKE to Find Attached Hardware

How to Configure IKE to Find the Sun Crypto Accelerator 6000 Board

11.  Internet Key Exchange (Reference)

Glossary

Index

Configuring IKE With Public Key Certificates (Task Map)

The following table provides pointers to procedures for creating public key certificates for IKE. The procedures include how to accelerate and store the certificates on attached hardware.

A public certificate must be unique, so the creator of a public key certificate generates an arbitrary, unique name for the certificate. Typically, an X.509 distinguished name is used. An alternate name can also be used for identification. The format of these names is tag=value. The values are arbitrary, though the format of the value must correspond to its tag type. For example, the format of the email tag is name@domain.suffix.

Task
Description
For Instructions
Configure IKE with self-signed public key certificates.
Creates and places two certificates on each system:
  • A self-signed certificate

  • The public key certificate from the peer system

Configure IKE with a PKI Certificate Authority.
Creates a certificate request, and then places three certificates on each system:
  • The certificate that the Certificate Authority (CA) creates from your request

  • The public key certificate from the CA

  • The CRL from the CA

Configure public key certificates in local hardware.
Involves one of:
  • Generating a self-signed certificate in the local hardware, then adding the public key from a remote system to the hardware.

  • Generating a certificate request in the local hardware, then adding the public key certificates from the CA to the hardware.

Update the certificate revocation list (CRL) from a PKI.
Accesses the CRL from a central distribution point.

Note - To label packets and IKE negotiations on a Trusted Extensions system, follow the procedures in Configuring Labeled IPsec (Task Map) in Trusted Extensions Configuration and Administration.

Public key certificates are managed in the global zone on Trusted Extensions systems. Trusted Extensions does not change how certificates are managed and stored.