Securing the Network in Oracle® Solaris 11.4

Updated: May 2021
 
 

Configuring IKEv2 With Public Key Certificates

Public certificates can be a good choice for large deployments. For more information, see IKE With Public Key Certificates.

Public key certificates are stored in a softtoken keystore by the Cryptographic Framework.

For background information, see How IKE Works.

The following task map lists procedures for creating public key certificates for IKEv2.

Table 10  Configuring IKEv2 With Public Key Certificates Task Map

| Task | Description | For Instructions |
| --- | --- | --- |
| Create a keystore for certificates. | Initializes the PKCS #11 keystore where the certificates for IKEv2 are stored. | |
| Configure IKEv2 with self-signed public key certificates. | Creates a public key certificate signed by you. Exports the certificate to peers and imports the peers' certificates. | |
| Configure IKEv2 with a certificate from a CA. | Requires you to create a CSR and then import all returned certificates into the keystore. Then, verify and import the IKE peers' certificates. | |
| Configure how revoked certificates are handled. | Determines if CRLs are used and OCSP servers are polled, including how to handle network delays. | |