IKEv1 Utilities and Files
The following table summarizes the configuration files for IKEv1 policy,
the storage locations for IKEv1 keys, and the various commands and services
that implement IKEv1. For more about services, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2.
Table 12-2 IKEv1 Service Name, Commands, Configuration and Key Storage Locations, and Hardware Devices
| Service, Command, File, or Hardware | Description |
|---|---|
| svc:/network/ipsec/ike:default | The SMF service that manages IKEv1. |
| /usr/lib/inet/in.iked | Internet Key Exchange (IKEv1) daemon. Activates automated key management when the ike service is enabled. |
| /usr/sbin/ikeadm [-v1] | IKE administration command for viewing and temporarily modifying the IKE policy. Enables you to view IKE administrative objects such as Phase 1 algorithms and available Diffie-Hellman groups. |
| /usr/sbin/ikecert | Certificate database management command for manipulating local databases that hold public key certificates. The databases can also be stored on attached hardware. |
| /etc/inet/ike/config | Default configuration file for the IKEv1 policy. Contains the site's rules for matching inbound IKEv1 requests and preparing outbound IKEv1 requests. If this file exists, the in.iked daemon starts when the ike service is enabled. You can change the location of this file by using the svccfg command. |
| ike.preshared | Preshared keys file in the /etc/inet/secret directory. Contains secret keys for authentication in the Phase 1 exchange. Used when configuring IKEv1 with preshared keys. |
| ike.privatekeys | Private keys directory in the /etc/inet/secret directory. Contains the private keys that are part of a public-private key pair. |
| publickeys directory | Directory in the /etc/inet/ike directory that holds public keys and certificate files. Contains the public key part of a public-private key pair. |
| crls directory | Directory in the /etc/inet/ike directory that holds revocation lists for public keys and certificate files. |
| Sun Crypto Accelerator 6000 board | Hardware that accelerates public key operations by offloading the operations from the operating system. The board also stores public keys, private keys, and public key certificates. The Sun Crypto Accelerator 6000 board is a FIPS 140-2 certified device at Level 3. |
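The two entries under /etc/inet/secret hold Phase 1 authentication secrets and private keys, so their file modes are worth checking whenever IKEv1 is configured. The following is an added example, not part of the Oracle documentation: the function name `audit_ike_secrets`, its optional root-prefix argument, and the policy that no group or other permission bit may be set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the IKEv1 secret storage locations named in the table.
# Assumed policy: ike.preshared, ike.privatekeys and everything inside them
# must carry no group/other permission bits.
#
# Usage: audit_ike_secrets ""          # live system
#        audit_ike_secrets /mnt/image  # mounted image or test tree
# Returns 0 when nothing is exposed, 1 otherwise.
audit_ike_secrets() {
    root=${1:-}
    secret_dir="$root/etc/inet/secret"
    findings=0
    for item in ike.preshared ike.privatekeys; do
        path="$secret_dir/$item"
        if [ ! -e "$path" ]; then
            # Not an exposure: preshared keys or key pairs may be unused.
            echo "MISSING  $path"
            continue
        fi
        # Portable octal tests: any group or other r/w/x bit is a finding.
        # Symbolic links are skipped because their own mode is meaningless.
        bad=$(find "$path" ! -type l \( \
                  -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/EXPOSED  /'
            findings=$((findings + 1))
        else
            echo "OK       $path"
        fi
    done
    [ "$findings" -eq 0 ]
}
```

The function only reads file modes; it never opens the key material itself.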