Task |
Description |
For Instructions, Go To … |
---|---|---|
Configure IKE with pre-shared keys |
Involves creating a valid IKE policy file and ike.preshared file. IPsec files are also set up before booting the system to use the IKE-generated keys. | |
Refresh pre-shared keys on a running IKE system |
Involves checking the IKE privilege level and editing the ipseckeys file with fresh keying material on communicating systems. | |
Add pre-shared keys to a running IKE system |
Involves checking the IKE privilege level and running the ikeadm command with fresh keying material on communicating systems. | |
Configure IKE with self-signed public key certificates |
Involves creating self–signed certificates with the ikecert certlocal -ks command, and adding the public key from a communicating system with the ikecert certdb command. | |
Configure IKE with a PKI Certificate Authority |
Involves sending output from the ikecert certlocal –kc command to a PKI organization, and installing the public key, CA, and CRL from the organization. |
How to Configure IKE With Public Keys Signed by a Certificate Authority |
Update the CA revocation lists |
Involves accessing a PKI organization's CRL from a central distribution point. | |
Use the Sun Crypto Accelerator 1000 card with IKE |
Involves setting the path to the PKCS#11 library for the device. |