Securing the Network in Oracle® Solaris 11.2

Updated: August 2014
 
 

Configuring IKEv2 With Public Key Certificates

Public certificates can be a good choice for large deployments. For more information, see IKE With Public Key Certificates.

Public key certificates are stored in a softtoken keystore by the Cryptographic Framework. On systems with attached hardware, the certificates can also be generated and stored in the hardware. For the procedure, see How to Generate and Store Public Key Certificates for IKEv2 in Hardware.

For background information, see How IKE Works.

The following task map lists procedures for creating public key certificates for IKEv2. The procedures include how to store the certificates in a hardware keystore if your system has an attached Sun Crypto Accelerator 6000 board.

Table 9-1  Configuring IKEv2 With Public Key Certificates Task Map
| Task | Description | For Instructions |
|------|-------------|------------------|
| Create a keystore for certificates. | Initializes the PKCS #11 keystore where the certificates for IKEv2 are stored. | |
| Configure IKEv2 with self-signed public key certificates. | Creates a public key certificate signed by you. Exports the certificate to peers and imports the peers' certificates. | |
| Configure IKEv2 with a certificate from a CA. | Requires you to create a CSR and then import all returned certificates into the keystore. Then, verify and import the IKE peers' certificates. | |
| Configure how revoked certificates are handled. | Determines if CRLs are used and OCSP servers are polled, including how to handle network delays. | |
| Configure the storage of certificates in the keystore of attached hardware. | Locates the Sun Crypto Accelerator 6000 board and configures IKEv2 to use it. | |