The ikev2cert command is used to generate, store, and manage public and private keys and certificates. You use this command when the ike/ikev2.config file requires public key certificates. Because IKEv2 uses these certificates to authenticate IKEv2 peers, the certificates must be in place before the in.ikev2d daemon reads rules that require the certificates.
The ikev2cert command calls the pktool command as ikeuser.
The following ikev2cert commands manage certificates for IKEv2. The commands must be run by the ikeuser account. The results are stored in the PKCS #11 softtoken keystore.
ikev2cert setpin – Generates a PIN for the ikeuser user. This PIN is required when you use certificates.
ikev2cert gencert – Generates a self-signed certificate.
ikev2cert gencsr – Generates a certificate signing request (CSR).
ikev2cert list – Lists certificates in the keystore.
ikev2cert export – Exports certificates from the keystore to a file.
ikev2cert import – Imports a certificate or CRL.
For information about the syntax of the ikev2cert subcommands, see the pktool(1) man page. For examples, see the ikev2cert(1M) man page. For information about the softtoken keystore, see the cryptoadm(1M) man page.